Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add support for Elastic Container Registry (ECR) #30

Closed
wants to merge 1 commit into from
Closed

feat: Add support for Elastic Container Registry (ECR) #30

wants to merge 1 commit into from

Conversation

pdemagny
Copy link
Contributor

@pdemagny pdemagny commented Dec 2, 2022
edited
Loading

What does this PR do?

Hello !
This PR adds support for the Amazon Elastic Container Registry GA controller for ACK. Thus allowing the creation of ECR resources (Repository, PullThroughCacheRule) with ACK.

Motivation

I needed an ECR repository to test something on EKS, all of this with the terraform-aws-eks-blueprints.
I saw this great and helpful repository existed but lacked support for ECR, so I thought about contributing it ;)

I have set the IAM permissions for the controller to the recommended iam policy by ACK.

Test Results

I created an EKS cluster with the terraform-aws-eks-blueprints and with the ACK ECR controller installed with my fork:

module "eks_blueprints_ack_addons" {
  source = "github.com/pdemagny/terraform-aws-eks-ack-addons?ref=feat-ecr-support"

  cluster_id = module.eks_blueprints.eks_cluster_id
  # Wait for data plane to be ready
  data_plane_wait_arn = module.eks_blueprints.managed_node_group_arn[0]

  enable_api_gatewayv2 = false
  enable_dynamodb      = false
  enable_s3            = false
  enable_rds           = false
  enable_amp           = false
  enable_ecr           = true

  tags = local.tags
}

Which produces a working installation of the controller:

❯ k get pods -n ack-ecr
NAME                       READY   STATUS    RESTARTS   AGE
ack-ecr-3fab142k69-k3csn   1/1     Running   0          13m

I also created an ECR Repository in my AWS account:

apiVersion: ecr.services.k8s.aws/v1alpha1
kind: Repository
metadata:
  name: my-ack-test-repo
spec:
  name: my-ack-test-repo
  imageScanningConfiguration:
    scanOnPush: false
  imageTagMutability: MUTABLE
  lifecyclePolicy: '{"rules":[{"rulePriority":1,"description":"Expire images older than 14 days","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":14},"action":{"type":"expire"}}]}'
❯ k logs -n ack-ecr ack-ecr-3fab142k69-k3csn
...
2022-12-01T13:26:17.364Z	INFO	ackrt	created new resource	{"account": "<REDACTED>", "role": "", "region": "eu-west-1", "kind": "Repository", "namespace": "default", "name": "my-ack-test-repo", "is_adopted": false, "generation": 1}  
2022-12-01T13:26:17.461Z	INFO	ackrt	desired resource state has changed	{"account": "<REDACTED>", "role": "", "region": "eu-west-1", "kind": "Repository", "namespace": "default", "name": "my-ack-test-repo", "is_adopted": false, "generation": 2, "diff": [{"Path":{"Parts":["Spec","LifecyclePolicy"]},"A":"{\"rules\":[{\"rulePriority\":1,\"description\":\"Expire images older than 14 days\",\"selection\":{\"tagStatus\":\"untagged\",\"countType\":\"sinceImagePushed\",\"countUnit\":\"days\",\"countNumber\":14},\"action\":{\"type\":\"expire\"}}]}","B":null}]}  
2022-12-01T13:26:17.474Z	INFO	ackrt	updated resource	{"account": "<REDACTED>", "role": "", "region": "eu-west-1", "kind": "Repository", "namespace": "default", "name": "my-ack-test-repo", "is_adopted": false, "generation": 2}  
2022-12-01T13:26:49.764Z	INFO	ackrt	deleted resource	{"account": "<REDACTED>", "role": "", "region": "eu-west-1", "kind": "Repository", "namespace": "default", "name": "my-ack-test-repo", "generation": 3}

Additional Notes

❯ pre-commit run -a
Terraform fmt............................................................Passed
Terraform docs...........................................................Passed
Terraform validate with tflint...........................................Passed
Terraform validate.......................................................Passed
check for merge conflicts................................................Passed
fix end of files.........................................................Passed

@pdemagny pdemagny requested a review from a team as a code owner December 2, 2022 14:40
@bryantbiggs bryantbiggs changed the title feat: Add EC2 Container Registry support feat: Add support for Elastic Container Registry (ECR) Dec 2, 2022
@pdemagny
Copy link
Contributor Author

pdemagny commented Dec 2, 2022
edited
Loading

Thanks @bryantbiggs for spotting the silly mistake on ECR's acronym, guess that I've been fooled by the IAM Policy name (AmazonEC2ContainerRegistryFullAccess) & that I must be really tired ;)
I have edited any reference in the PR, the code, and the commit name.

@pdemagny pdemagny closed this Dec 14, 2022
@pdemagny pdemagny reopened this Dec 14, 2022
@pdemagny
Copy link
Contributor Author

pdemagny commented Dec 14, 2022
edited
Loading

I resolved conflicts originating from the merge of #33 so this could be merged.

@github-actions
Copy link

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

@github-actions github-actions bot added the stale label Jan 14, 2023
@github-actions
Copy link

Pull request closed due to inactivity.

@github-actions github-actions bot closed this Jan 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add ECR controller support
1 participant
@pdemagny