-
Notifications
You must be signed in to change notification settings - Fork 39k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS: trust region if found from AWS metadata #38880
Conversation
d7aea6a
to
1133b41
Compare
6ab00b0
to
80e8897
Compare
This is extremely useful. Thanks for putting this together. |
Thanks @derekwaynecarr - you can see the ECR issue as well ... with this PR we won't have to register new regions in our code, but we still won't be able to use ECR in a new region unless we are running in that region. To tackle that I think we would have to either change it so that we could build docker configs on demand, or just issue a DescribeRegions call and automatically register all of those regions. Unsure which is better right now. |
80e8897
to
0ed32a5
Compare
Does this remove functionality that we have now with ECR? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quick question
@@ -100,21 +80,20 @@ type ecrProvider struct { | |||
|
|||
var _ credentialprovider.DockerConfigProvider = &ecrProvider{} | |||
|
|||
// Init creates a lazy provider for each AWS region, in order to support | |||
// RegisterCredentialsProvider registers a credential provider for the specified region. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have this documented anywhere? If so do we need to update the docs?
@erictune a couple of questions, and since there actually is an active @kubernetes/sig-aws-misc group that is active, should we be doing code reviews now? |
No, it just adds functionality: we automatically recognize the ECR region we are running in, even if it isn't in our hard-coded list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great ... @erictune can we get this in? This is super important :)
@erictune can I get a PR review :) |
@k8s-bot aws test this |
/lgtm |
a04b706
to
6f632d0
Compare
@zmerlynn OK if I reapply LGTM after the rebase I had to do? |
/lgtm @justinsb yup |
Jenkins Bazel Build failed for commit 6f632d04cfe06fa4189fb0d60f710cdeb73ccfcd. Full PR test history. cc @justinsb The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
6f632d0
to
ec695bc
Compare
ec695bc
to
3eec540
Compare
Jenkins GKE smoke e2e failed for commit 3eec5409f56583bc80912c581c2471ea4053d98a. Full PR test history. cc @justinsb The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Jenkins verification failed for commit 3eec5409f56583bc80912c581c2471ea4053d98a. Full PR test history. cc @justinsb The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Means we can run in newly announced regions without a code change. We don't register the ECR provider in new regions, so we will still need a code change for now. This also means we do trust config / instance metadata, and don't reject incorrectly configured zones. Fix kubernetes#35014
3eec540
to
04b787b
Compare
Jenkins GCI GCE e2e failed for commit 04b787b. Full PR test history. cc @justinsb The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@k8s-bot gci gce e2e test this |
[APPROVALNOTIFIER] Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Can we get this cherry picked into 1.5.x?? |
@zmerlynn can we get another looks good to me? |
/lgtm |
@k8s-bot test this Tests are more than 96 hours old. Re-running tests. |
Wow, this approval thing is going to be really frustrating. Also, why would it suggest asking yourself for approval?? I trust @zmerlynn to know what this does. /approve |
@deads2k: Looks like the comment has to start with /approve |
/approve |
1 similar comment
/approve |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
Jenkins GCI GKE smoke e2e failed for commit 04b787b. Full PR test history. cc @justinsb, your PR dashboard The magic incantation to run this job again is Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Automatic merge from submit-queue |
Means we can run in newly announced regions without a code change.
We don't register the ECR provider in new regions, so we will still need
a code change for now.
Fix #35014