Skip to content

Commit 71ec6b6

Browse files
zorrofoxzorrofox
authored
fix(eks): fix helm deploy login for public ECR repositories (#24104)
fix helm deploy login for public ECR repositories I have tested this issue fixed in `us-east-1` and `us-west-2` integ testing for ``` yarn integ-runner integ.eks-helm-asset.js --force --parallel-regions us-east-1 yarn integ-runner integ.eks-helm-asset.js --force --parallel-regions us-west-2 ``` Closes #23977. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 236ecde commit 71ec6b6

File tree

427 files changed

+7390
-6373
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

427 files changed

+7390
-6373
lines changed

packages/@aws-cdk/aws-eks/lib/kubectl-handler/helm/__init__.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ def get_oci_cmd(repository, version):
111111
region = os.environ.get('AWS_REGION', 'us-east-1')
112112

113113
cmnd = [
114-
f"aws ecr-public get-login-password --region {region} | " \
114+
f"aws ecr-public get-login-password --region us-east-1 | " \
115115
f"helm registry login --username AWS --password-stdin {public_registry['registry']}; helm pull {repository} --version {version} --untar"
116116
]
117117
else:

packages/@aws-cdk/aws-eks/lib/kubectl-provider.ts

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -165,6 +165,11 @@ export class KubectlProvider extends NestedStack implements IKubectlProvider {
165165
iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryReadOnly'),
166166
);
167167

168+
// For OCI helm chart public ECR authorization.
169+
this.handlerRole.addManagedPolicy(
170+
iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonElasticContainerRegistryPublicReadOnly'),
171+
);
172+
168173
// allow this handler to assume the kubectl role
169174
cluster.kubectlRole.grant(this.handlerRole, 'sts:AssumeRole');
170175

packages/@aws-cdk/aws-eks/test/cluster.test.ts

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2103,6 +2103,13 @@ describe('cluster', () => {
21032103
':iam::aws:policy/AmazonEC2ContainerRegistryReadOnly',
21042104
]],
21052105
},
2106+
{
2107+
'Fn::Join': ['', [
2108+
'arn:',
2109+
{ Ref: 'AWS::Partition' },
2110+
':iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly',
2111+
]],
2112+
},
21062113
],
21072114
});
21082115
});
@@ -2297,6 +2304,13 @@ describe('cluster', () => {
22972304
':iam::aws:policy/AmazonEC2ContainerRegistryReadOnly',
22982305
]],
22992306
},
2307+
{
2308+
'Fn::Join': ['', [
2309+
'arn:',
2310+
{ Ref: 'AWS::Partition' },
2311+
':iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly',
2312+
]],
2313+
},
23002314
],
23012315
});
23022316
});

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/cluster.d.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/cluster.d.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/cluster.js renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/cluster.js

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/cluster.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/cluster.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -326,8 +326,8 @@ function analyzeUpdate(oldProps: Partial<aws.EKS.CreateClusterRequest>, newProps
326326
return {
327327
replaceName: newProps.name !== oldProps.name,
328328
replaceVpc:
329-
JSON.stringify(newVpcProps.subnetIds) !== JSON.stringify(oldVpcProps.subnetIds) ||
330-
JSON.stringify(newVpcProps.securityGroupIds) !== JSON.stringify(oldVpcProps.securityGroupIds),
329+
JSON.stringify(newVpcProps.subnetIds?.sort()) !== JSON.stringify(oldVpcProps.subnetIds?.sort()) ||
330+
JSON.stringify(newVpcProps.securityGroupIds?.sort()) !== JSON.stringify(oldVpcProps.securityGroupIds?.sort()),
331331
updateAccess:
332332
newVpcProps.endpointPrivateAccess !== oldVpcProps.endpointPrivateAccess ||
333333
newVpcProps.endpointPublicAccess !== oldVpcProps.endpointPublicAccess ||

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/common.d.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/common.d.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/common.js renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/common.js

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/common.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/common.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/consts.d.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/consts.d.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/consts.js renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/consts.js

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/consts.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/consts.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/fargate.d.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/fargate.d.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/fargate.js renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/fargate.js

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/fargate.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/fargate.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/index.d.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/index.d.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/index.js renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/index.js

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.js.snapshot/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/index.ts renamed to packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.42ee7a787eab7842c3d815365d104cacb9168fb9beb8a1bc019b0a6d7e969bee/index.ts

File renamed without changes.

packages/@aws-cdk/aws-eks/test/integ.alb-controller.js.snapshot/asset.76b95b763a0d19e172361b0123e88b00854f56785669102a9ab0127f4f738bf5/common.js

Lines changed: 0 additions & 43 deletions
This file was deleted.

0 commit comments

Comments
 (0)