bottlerocket
Tag Pre-Release AMI Versions
Requesting a pre-release tag be added to the images. Tag would stay on the image until it has been pushed to SSM Parameter Store.
I can see it gets added to the releases.
https://github.com/bottlerocket-os/bottlerocket/releases
It would be great to see this present on the image itself, either as a property or a tag.
I mentioned this idea to @rpkelly once and he pointed out that tags are always private, and therefore not very useful for public AMIs.
We've also talked about marking AMIs as deprecated initially, and removing that flag once the release was fully deployed and the SSM parameters were published.
I'm curious about the goal behind this request - what are you trying to accomplish?
Hi @bcressey Thanks for looking into this issue/request. I am trying to address the gap between available vs approved AMIs for a K8s version and avoid a runtime apply error like this one:
Error: updating EKS Node Group (*****) version: operation error EKS: UpdateNodegroupVersion, https response error StatusCode: 400, RequestID: *****, InvalidParameterException: Requested release version 1.33.0-cc306b6f is not valid for kubernetes version 1.29.
If we query SSM Parameter Store, the latest AMI version returned is different from what we get when looking up using a data "aws_ami" source (https://registry.terraform.io/providers/hashicorp/aws/5.89.0/docs/data-sources/ami).
(1.32.0-cacc4ce9 vs 1.33.0-cc306b6f)
aws ssm get-parameter --name /aws/service/bottlerocket/aws-k8s-1.29/x86_64/latest/image_version --query "Parameter.Value" --output text
1.32.0-cacc4ce9
I understand this could be because of the image lifecycle where a recent image is promoted as latest after a duration or whatever the current process is. To my knowledge that timeline is also not fixed. It would be helpful if there was a way to filter the pre-release versions and still get the remaining list using the data source.
If one of the existing properties is updated to show a version is still in pre-release phase or a tag gets added that's publicly visible
+ tags = {
    "stage" = "pre-release"
  }
we could easily modify this lookup
data "aws_ami" "example" {
  ....
  filter {
    name   = "tag:stage"
    values = ["pre-release"]
  }
  .....
}
Hi @bcressey Were you able to decide if this is something that can be implemented? Deprecated tag works too. Any way to distinguish a version that's not ready works basically. Thanks.
Hi @Sushil-Git, I'm wondering if it would be possible for you to instead use the ssm_parameter data source in order to resolve the AMI IDs regionally?
https://registry.terraform.io/providers/hashicorp/aws/5.89.0/docs/data-sources/ssm_parameter
I suspect something like this would return the AMI ID needed:
data "aws_ssm_parameter" "bottlerocket_ami" {
  name = "/aws/service/bottlerocket/aws-k8s-1.30/x86_64/latest/image_id"
}
Hi @cbgbt I have considered this but it does not support my requirement. AMIs are pushed to SSM at least after a week I believe, so there is always a gap between AMIs being published and moved to SSM. I need the latest available in our lower environments as the images go through a staggered release cycle through dev-qa-prod.
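The following is an added example, not part of the thread and not Bottlerocket project code. It shows one way to separate pre-release AMIs from released ones without a tag, by treating any image whose version is newer than the SSM `image_version` value as not yet released. The AMI name pattern, the function names, the image IDs and the `1.31.0` and `1.30` entries are assumptions constructed for illustration.

```python
import re

# Assumed AMI naming convention (not stated in the thread):
#   bottlerocket-<variant>-<arch>-v<major.minor.patch>-<commit>
AMI_NAME = re.compile(
    r"^bottlerocket-(?P<variant>.+)-(?P<arch>x86_64|aarch64)"
    r"-v(?P<version>\d+\.\d+\.\d+)-(?P<commit>[0-9a-f]+)$"
)

def version_key(image_version):
    """'1.32.0-cacc4ce9' -> (1, 32, 0). The commit suffix does not affect ordering."""
    return tuple(int(part) for part in image_version.split("-", 1)[0].split("."))

def classify(images, ssm_image_version, variant, arch):
    """Split describe-images style records into (released, pre_release), newest first.

    ssm_image_version is the value of .../latest/image_version for this variant/arch.
    """
    released_key = version_key(ssm_image_version)
    released, pre_release = [], []
    for image in images:
        m = AMI_NAME.match(image.get("Name", ""))
        if not m or m["variant"] != variant or m["arch"] != arch:
            continue  # different variant or arch, or a name we cannot parse
        image_version = f'{m["version"]}-{m["commit"]}'
        newer = version_key(image_version) > released_key
        (pre_release if newer else released).append((image_version, image["ImageId"]))
    order = lambda items: sorted(items, key=lambda e: version_key(e[0]), reverse=True)
    return order(released), order(pre_release)

# Constructed sample input; image IDs are placeholders, not real AMIs.
SAMPLE_IMAGES = [
    {"ImageId": "ami-00000000000000001",
     "Name": "bottlerocket-aws-k8s-1.29-x86_64-v1.31.0-0000aaaa"},
    {"ImageId": "ami-00000000000000002",
     "Name": "bottlerocket-aws-k8s-1.29-x86_64-v1.32.0-cacc4ce9"},
    {"ImageId": "ami-00000000000000003",
     "Name": "bottlerocket-aws-k8s-1.29-x86_64-v1.33.0-cc306b6f"},
    {"ImageId": "ami-00000000000000004",
     "Name": "bottlerocket-aws-k8s-1.29-aarch64-v1.33.0-cc306b6f"},
    {"ImageId": "ami-00000000000000005",
     "Name": "bottlerocket-aws-k8s-1.30-x86_64-v1.33.0-cc306b6f"},
]

if __name__ == "__main__":
    released, pre_release = classify(
        SAMPLE_IMAGES, "1.32.0-cacc4ce9", "aws-k8s-1.29", "x86_64")
    print("released:   ", released)
    print("pre-release:", pre_release)
```

A lower environment could take the first `pre_release` entry when one exists, while production pins to the first `released` entry.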