[EKS][Feature Request]: Enable EKS Add-Ons to Reference Images from a Private Managed AWS ECR Instead of Public ECR #2139
Comments
|
Any updates on this one. How do we get the addon enabled if you are using a IAC to setup your infrastructure. Can you prioritise this? Most enterprise apps as deployed in private network where there is no direct access to public images. How is open telemetry collector supposed to work in that environment |
|
Regarding updating the ADOT EKS add-on to use private ECR repositories for the OTEL images (e.g. xxxxx.dkr.ecr.us-east-1.amazonaws.com/eks/...). I wanted to check if there were any updates on the status of this request. We are currently experiencing some issue after upgrading the OTEL Operator (Non ADOT) which may be due to incompatibility, as the operator is unable to create collector instances, which is hard to maintain as well. I'd appreciate any information you may have on timeline for this request. |
|
Any update about issue? |
|
any updates? |
|
The ADOT team is working on this. @mhausenblas could share further updates. |
|
Thanks, it's WIP and we're tracking it in aws-observability/aws-otel-community#541 |
|
Will this apply to both the Amazon CloudWatch Observability agent addon as well as the AWS Distro for OpenTelemetry addon? At the moment I am unable to migrate to the Amazon CloudWatch Observability agent addon (for container insights) because of the use of the public ECR reference. |
|
The latest version of Amazon CloudWatch Observability EKS add-on has been updated to use private ECR repos. Amazon CloudWatch Observability EKS add-on now pulls images from the following container image registries: https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html |
Community Note
Tell us about your request
What do you want us to build?
I am requesting a feature update for EKS add-ons to enable the use of a private managed AWS ECR repository for ADOT (AWS Open Distro for OpenTelemetry) instead of the public ECR repositories currently in use. This change would facilitate smoother add-on enabling and version upgrading for users running their EKS clusters in environments without internet access.
Which service(s) is this request for?
This request is primarily for AWS EKS, with a focus on the add-ons feature and the ECR service.
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We run our EKS clusters in an intranet environment without internet access, making it challenging to enable or upgrade EKS add-ons that reference images from public ECR repositories. The current process involves manually finding compatible versions and transferring them from the public repository to our private ECR repository, a labor-intensive and error-prone approach.
Are you currently working around this issue?
How are you currently solving this problem?
Yes, as a workaround, we are currently using the OpenTelemetry operator and collector from open source, which has fewer images to upload to the ECR. However, we believe that utilizing AWS EKS add-ons would be more beneficial in terms of future upgrade compatibility and would reduce the operational burden associated with manual updates. Thus, we strongly feel that a solution within the EKS add-ons would be more seamless and efficient.
Additional context
Anything else we should know?
Transitioning to a private managed AWS ECR repository would streamline operations for many organizations running EKS in environments without internet access, promoting enhanced security through facilitating timely updates. It would be greatly beneficial to establish a solution allowing users to reference a private ECR repository natively while interacting with EKS add-ons, thereby minimizing operational burdens and potential for errors.
Attachments
If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)
The text was updated successfully, but these errors were encountered: