amazon-eks-ami icon indicating copy to clipboard operation
amazon-eks-ami copied to clipboard
verified publisher icon awslabs

Node log collector script - add logs for requests to ECR private endpoints.

Open david-a-aws opened this issue 6 months ago • 3 comments

What would you like to be added: For EKS node log collector script, add a test to make a network request to ECR private.

e.g. curl -v https://<account_id>.dkr.ecr.<region>.amazonaws.com and curl -v https://api.ecr.<region>.amazonaws.com

Why is this needed: Recently had an issue where this was the root cause for node failing to join cluster, but none of the other logs mentioned timeout with reaching ECR private to get the sandbox-image/pause image for kubelet to start.

david-a-aws avatar Jun 07 '25 01:06 david-a-aws

I can create a PR for this if the idea is approved

david-a-aws avatar Jun 07 '25 01:06 david-a-aws

Sounds helpful, curious on your thoughts for the specific implementation though. I think the main challenge with this is figuring out which registry to use for the check, since only access to the correct regional EKS container registry is expected. Could perhaps parse it out from https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html but seems less than ideal

mselim00 avatar Jul 20 '25 01:07 mselim00