Feature Request: Publish amazon/aws-alb-ingress-controller Image to Public ECR

Open ecliptik opened this issue 3 years ago • 19 comments

The amazon/aws-alb-ingress-controller container image referenced in the installation instructions uses Dockerhub.

This causes issues for larger clusters or clusters that are using Dockerhub anonymously, triggering the Download Rate Limit and causing multiple issues on a cluster, especially during a cluster upgrade.

Having this image available on Public ECR will avoid download limits from Dockerhub and allow for EKS clusters to use ECR instead of Dockerhub, keeping everything within AWS and avoiding a download limit.

An example is the aws-for-fluent-bit image, which publishes to both Public ECR and Dockerhub

See https://github.com/aws/aws-for-fluent-bit/issues/123

ecliptik, May 07 '21 16:05

There are regional ECR repos, but having a public one would be super useful :+1:

https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases

mbevc1, May 08 '21 14:05

/kind feature

kishorj, Jun 09 '21 16:06

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot, Sep 07 '21 17:09

/remove-lifecycle stale

mbevc1, Sep 07 '21 17:09

/lifecycle stale

k8s-triage-robot, Dec 06 '21 17:12

/remove-lifecycle stale

mbevc1, Dec 06 '21 18:12

/lifecycle stale

k8s-triage-robot, Mar 06 '22 19:03

/remove-lifecycle stale

mbevc1, Mar 07 '22 12:03

/lifecycle stale

k8s-triage-robot, Jun 05 '22 12:06

/remove-lifecycle stale

mbevc1, Jun 05 '22 13:06

Any progress?

BobDu, Jul 20 '22 12:07

ECR Public images would be handy!!

lgallard, Sep 01 '22 14:09

Hi, is there anything I could help with in order to resolve this issue?

In the meantime, for those wondering how to get the image outside of AWS: you need to have an AWS account and log in to the container registry with aws-cli:

$ aws --profile $AWS_PROFILE --region $AWS_REGION ecr get-login-password \
  | podman login -u AWS --password-stdin 602401143452.dkr.ecr.$AWS_REGION.amazonaws.com/amazon/aws-load-balancer-controller
Login Succeeded!

Otherwise you'll see an error like this:

$ podman image pull 602401143452.dkr.ecr.$AWS_REGION.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
Trying to pull 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4...
Error: initializing source docker://602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4: reading manifest v2.4.4 in 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller: unauthorized: authentication required

My use-case is mirroring the image into a private registry.

fkrestan, Sep 26 '22 10:09

> My use-case is mirroring the image into a private registry.

For this use case, pulling the image from docker.io probably makes sense; you are unlikely to hit limits pulling it once per version...

jbg, Sep 26 '22 10:09

> > My use-case is mirroring the image into a private registry.
>
> For this use case, pulling the image from docker.io probably makes sense; you are unlikely to hit limits pulling it once per version...

No, no, no, the pull rate limit is per account; in a big cluster, we need to pull more images from different repos.

BobDu, Sep 26 '22 11:09

But you said you were mirroring it into a private registry... You only need to do that once for each image, your big cluster can pull all the images from your private registry...

jbg, Sep 26 '22 11:09

> But you said you were mirroring it into a private registry... You only need to do that once for each image, your big cluster can pull all the images from your private registry...

Sorry, I accidentally ignored the context.

> Hi, is there anything I could help with in order to resolve this issue?
>
> In the meantime, for those wondering how to get the image outside of AWS: you need to have an AWS account and log in to the container registry with aws-cli:
>
> $ aws --profile $AWS_PROFILE --region $AWS_REGION ecr get-login-password \
>   | podman login -u AWS --password-stdin 602401143452.dkr.ecr.$AWS_REGION.amazonaws.com/amazon/aws-load-balancer-controller
> Login Succeeded!
>
> Otherwise you'll see an error like this:
>
> $ podman image pull 602401143452.dkr.ecr.$AWS_REGION.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
> Trying to pull 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4...
> Error: initializing source docker://602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4: reading manifest v2.4.4 in 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller: unauthorized: authentication required
>
> My use-case is mirroring the image into a private registry.

In this case, it is absolutely not necessary to mirror to your own private ECR repo. Actually, AWS pushes the image in all regions in their account; see it: https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases#:~:text=%40jalessio)-,ECR%20images,-013241004608.dkr.ecr

This issue only requests that AWS push it to AWS Public ECR. Then we need not set different image paths in different regions' EKS infra.

BobDu, Sep 26 '22 11:09

Could you point me to the repository on docker.io please? I don't see amazon/aws-load-balancer-controller repo. Only amazon/aws-alb-ingress-controller. Is that the same thing? The Helm chart default values reference 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller.

fkrestan, Sep 26 '22 11:09

Oh, I've missed the docker.io/amazon/aws-alb-ingress-controller:v2.4.4 in the release notes. So it is the same thing as amazon/aws-load-balancer-controller then.

Would it make sense to reference the Docker.io repo from the Helm Chart default values instead and/or re-name the docker.io repository to amazon/aws-load-balancer-controller?

This is a bit confusing.

fkrestan, Sep 26 '22 11:09

Image posted to public ECR. For details, please refer to the URL https://gallery.ecr.aws/eks/aws-load-balancer-controller.

kishorj, Dec 02 '22 21:12

Are the non-public ECR images still supported? I noticed that the URLs are not included in the release notes any more, and pulling v2.5.1 doesn't seem to work.

ECR Public doesn't support PrivateLink (VPC Endpoints), so it's helpful if the normal ECR images are still supported, as it means it's not necessary to mirror the image to use it in a private cluster.

jbg, May 11 '23 02:05
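
The mirroring use case raised in this thread (a private cluster that cannot reach ECR Public over PrivateLink), as an added example that is not part of any comment or of the project's own tooling: it copies one tag with skopeo into a private registry and fails unless the destination digest matches the source. The pull path `public.ecr.aws/eks/aws-load-balancer-controller` is inferred from the gallery URL above, and the destination registry is a placeholder.

```sh
# Added example, not from the thread. Requires skopeo, plus a prior login to
# the destination registry (for ECR, via `aws ecr get-login-password`).
SRC_REPO="public.ecr.aws/eks/aws-load-balancer-controller"  # inferred from the gallery URL

# Accept only vMAJOR.MINOR.PATCH tags; the case guard also rejects newlines.
valid_tag() {
  case "$1" in *[!0-9v.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'
}

# Accept only sha256 digests in the form skopeo prints them.
valid_digest() {
  case "$1" in *[!0-9a-fsh:]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Destination reference: <registry>/eks/aws-load-balancer-controller:<tag>
dest_ref() {
  printf '%s/eks/aws-load-balancer-controller:%s' "${1%/}" "$2"
}

# Manifest digest of a remote image, read without pulling the layers.
remote_digest() {
  skopeo inspect --format '{{.Digest}}' "docker://$1"
}

# mirror <dest-registry> <tag>: copy, verify, print a digest-pinned reference.
# The body is a subshell, so its variables do not leak into the caller.
mirror() (
  registry="$1"; tag="$2"
  valid_tag "$tag" || { echo "bad tag: $tag" >&2; exit 2; }
  src="$SRC_REPO:$tag"
  dst="$(dest_ref "$registry" "$tag")"
  want="$(remote_digest "$src")" || exit 1
  valid_digest "$want" || { echo "unexpected digest: $want" >&2; exit 1; }
  # --all copies every architecture in the manifest list, not only the host's.
  skopeo copy --all "docker://$src" "docker://$dst" || exit 1
  got="$(remote_digest "$dst")" || exit 1
  [ "$got" = "$want" ] || { echo "digest mismatch: $got != $want" >&2; exit 1; }
  printf '%s@%s\n' "${dst%:*}" "$want"
)

# Usage (placeholder registry): mirror <account>.dkr.ecr.<region>.amazonaws.com v2.4.4
```

Deploying from the printed `repo@sha256:...` reference rather than the tag means the cluster runs exactly the image that was verified at mirror time.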