AWS: trust region if found from AWS metadata #38880
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
This change is |
k8s-github-robot
added
size/L
justinsb
force-pushed
the
peninsula_club
branch
2 times, most recently
from
d7aea6a
to
1133b41
Compare
k8s-github-robot
added
the
needs-rebase
justinsb
force-pushed
the
peninsula_club
branch
2 times, most recently
from
6ab00b0
to
80e8897
Compare
k8s-github-robot
removed
the
needs-rebase
|
This is extremely useful. Thanks for putting this together. |
|
Thanks @derekwaynecarr - you can see the ECR issue as well ... with this PR we won't have to register new regions in our code, but we still won't be able to use ECR in a new region unless we are running in that region. To tackle that I think we would have to either change it so that we could build docker configs on demand, or just issue a DescribeRegions call and automatically register all of those regions. Unsure which is better right now. |
justinsb
force-pushed
the
peninsula_club
branch
from
80e8897
to
0ed32a5
Compare
Does this remove functionality that we have now with ECR? |
| @@ -100,21 +80,20 @@ type ecrProvider struct { | |||
|
|
|||
| var _ credentialprovider.DockerConfigProvider = &ecrProvider{} | |||
|
|
|||
| // Init creates a lazy provider for each AWS region, in order to support | |||
| // RegisterCredentialsProvider registers a credential provider for the specified region. | |||
There was a problem hiding this comment.
Do we have this documented anywhere? If so do we need to update the docs?
|
@erictune a couple of questions, and since there actually is an active @kubernetes/sig-aws-misc group that is active, should we be doing code reviews now? |
No, it just adds functionality: we automatically recognize the ECR region we are running in, even if it isn't in our hard-coded list. |
There was a problem hiding this comment.
Looks great ... @erictune can we get this in? This is super important :)
|
@erictune can I get a PR review :) |
|
@k8s-bot aws test this |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
justinsb
force-pushed
the
peninsula_club
branch
from
a04b706
to
6f632d0
Compare
|
@zmerlynn OK if I reapply LGTM after the rebase I had to do? |
|
/lgtm @justinsb yup |
k8s-ci-robot
added
the
lgtm
|
Jenkins Bazel Build failed for commit 6f632d04cfe06fa4189fb0d60f710cdeb73ccfcd. Full PR test history. cc @justinsb The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
justinsb
force-pushed
the
peninsula_club
branch
from
6f632d0
to
ec695bc
Compare
k8s-github-robot
removed
the
lgtm
justinsb
force-pushed
the
peninsula_club
branch
from
ec695bc
to
3eec540
Compare
|
Jenkins GKE smoke e2e failed for commit 3eec5409f56583bc80912c581c2471ea4053d98a. Full PR test history. cc @justinsb The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Jenkins verification failed for commit 3eec5409f56583bc80912c581c2471ea4053d98a. Full PR test history. cc @justinsb The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Means we can run in newly announced regions without a code change. We don't register the ECR provider in new regions, so we will still need a code change for now. This also means we do trust config / instance metadata, and don't reject incorrectly configured zones. Fix kubernetes#35014
justinsb
force-pushed
the
peninsula_club
branch
from
3eec540
to
04b787b
Compare
|
Jenkins GCI GCE e2e failed for commit 04b787b. Full PR test history. cc @justinsb The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@k8s-bot gci gce e2e test this |
|
[APPROVALNOTIFIER] Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
Can we get this cherry picked into 1.5.x?? |
|
@zmerlynn can we get another looks good to me? |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
@k8s-bot test this Tests are more than 96 hours old. Re-running tests. |
|
Wow, this approval thing is going to be really frustrating. Also, why would it suggest asking yourself for approval?? I trust @zmerlynn to know what this does. /approve |
|
@deads2k: Looks like the comment has to start with /approve |
|
/approve |
1 similar comment
|
/approve |
k8s-github-robot
added
the
approved
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
Jenkins GCI GKE smoke e2e failed for commit 04b787b. Full PR test history. cc @justinsb, your PR dashboard The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Automatic merge from submit-queue |
Means we can run in newly announced regions without a code change.
We don't register the ECR provider in new regions, so we will still need
a code change for now.
Fix #35014