From 6c82c3abc3aaf37ce73fa78b07d70ace4da39265 Mon Sep 17 00:00:00 2001 From: Abhay Krishna Arunachalam Date: Fri, 26 Jul 2024 11:17:40 -0700 Subject: [PATCH] Use correct registries to integrate with new packages workflows --- .../packagecontrollerclient.go | 36 ++++++--------- pkg/curatedpackages/reader.go | 29 ++++++------ pkg/curatedpackages/regional_registry.go | 46 ++----------------- pkg/curatedpackages/registry_constants.go | 45 ++++++++++++++++++ 4 files changed, 78 insertions(+), 78 deletions(-) create mode 100644 pkg/curatedpackages/registry_constants.go diff --git a/pkg/curatedpackages/packagecontrollerclient.go b/pkg/curatedpackages/packagecontrollerclient.go index 493b6ed107eb1..a28405b65dbb8 100644 --- a/pkg/curatedpackages/packagecontrollerclient.go +++ b/pkg/curatedpackages/packagecontrollerclient.go @@ -241,26 +241,26 @@ func (pc *PackageControllerClient) Enable(ctx context.Context) error { // GetCuratedPackagesRegistries gets value for configurable registries from PBC. func (pc *PackageControllerClient) GetCuratedPackagesRegistries(ctx context.Context) (sourceRegistry, defaultRegistry, defaultImageRegistry string) { - sourceRegistry = publicProdECR - defaultImageRegistry = packageProdDomain - accountName := prodAccount - if strings.Contains(pc.chart.Image(), devAccount) { - accountName = devAccount - defaultImageRegistry = packageDevDomain - sourceRegistry = publicDevECR - } - if strings.Contains(pc.chart.Image(), stagingAccount) { - accountName = stagingAccount - defaultImageRegistry = packageProdDomain - sourceRegistry = publicStagingECR + sourceRegistry = prodPublicRegistryURI + defaultImageRegistry = prodNonRegionalPrivateRegistryURI + registry := prodPublicRegistryAlias + if strings.Contains(pc.chart.Image(), devNonRegionalPublicRegistryURI) { + registry = devRegionalPublicRegistryAlias + defaultImageRegistry = devRegionalPrivateRegistryURI + sourceRegistry = devRegionalPublicRegistryURI + } + if strings.Contains(pc.chart.Image(), stagingPublicRegistryURI) { + registry = stagingPublicRegistryAlias + defaultImageRegistry = devRegionalPrivateRegistryURI + sourceRegistry = stagingPublicRegistryURI } defaultRegistry = sourceRegistry if pc.registryMirror != nil { - // account is added as part of registry name in package controller helm chart + // registry name is added as part of sourceRegistry field in package controller helm chart // https://github.com/aws/eks-anywhere-packages/blob/main/charts/eks-anywhere-packages/values.yaml#L15-L18 - sourceRegistry = fmt.Sprintf("%s/%s", pc.registryMirror.CoreEKSAMirror(), accountName) - defaultRegistry = fmt.Sprintf("%s/%s", pc.registryMirror.CoreEKSAMirror(), accountName) + sourceRegistry = fmt.Sprintf("%s/%s", pc.registryMirror.CoreEKSAMirror(), registry) + defaultRegistry = fmt.Sprintf("%s/%s", pc.registryMirror.CoreEKSAMirror(), registry) if gatedOCINamespace := pc.registryMirror.CuratedPackagesMirror(); gatedOCINamespace != "" { defaultImageRegistry = gatedOCINamespace } @@ -273,12 +273,6 @@ func (pc *PackageControllerClient) GetCuratedPackagesRegistries(ctx context.Cont if err := pc.registryAccessTester.Test(ctx, pc.eksaAccessKeyID, pc.eksaSecretAccessKey, pc.eksaRegion, pc.eksaAwsConfig, regionalRegistry); err == nil { // use regional registry when the above credential is good logger.V(6).Info("Using regional registry") - // In the dev case, we use a separate public ECR registry in the - // beta packages account to source the packages controller and - // credential provider package - if regionalRegistry == devRegionalECR { - sourceRegistry = devRegionalPublicECR - } defaultRegistry = regionalRegistry defaultImageRegistry = regionalRegistry } else { diff --git a/pkg/curatedpackages/reader.go b/pkg/curatedpackages/reader.go index 69cc68dc8839c..c76d11bf88953 100644 --- a/pkg/curatedpackages/reader.go +++ b/pkg/curatedpackages/reader.go @@ -16,16 +16,7 @@ import ( // Temporary: Curated packages dev and prod accounts are currently hard coded // This is because there is no mechanism to extract these values as of now. -const ( - prodAccount = "eks-anywhere" - devAccount = "l0g8r8j6" - stagingAccount = "w9m0f3l5" - publicProdECR = "public.ecr.aws/" + prodAccount - publicDevECR = "public.ecr.aws/" + devAccount - publicStagingECR = "public.ecr.aws/" + stagingAccount - packageProdDomain = "783794618700.dkr.ecr.us-west-2.amazonaws.com" - packageDevDomain = "857151390494.dkr.ecr.us-west-2.amazonaws.com" -) +const () type PackageReader struct { cache *registry.Cache @@ -146,15 +137,21 @@ func removeDuplicateImages(images []registry.Artifact) []registry.Artifact { } func getChartRegistry(uri string) string { - if strings.Contains(uri, publicProdECR) { - return publicProdECR + if strings.Contains(uri, prodPublicRegistryURI) { + return prodPublicRegistryURI + } + if strings.Contains(uri, stagingPublicRegistryURI) { + return stagingPublicRegistryURI } - return publicDevECR + return devRegionalPublicRegistryURI } func getImageRegistry(uri, awsRegion string) string { - if strings.Contains(uri, publicProdECR) { - return strings.ReplaceAll(packageProdDomain, eksaDefaultRegion, awsRegion) + if strings.Contains(uri, prodPublicRegistryURI) { + return strings.ReplaceAll(prodNonRegionalPrivateRegistryURI, eksaDefaultRegion, awsRegion) + } + if strings.Contains(uri, stagingPublicRegistryURI) { + return strings.ReplaceAll(stagingRegionalPrivateRegistryURI, eksaDefaultRegion, awsRegion) } - return strings.ReplaceAll(packageDevDomain, eksaDefaultRegion, awsRegion) + return strings.ReplaceAll(devRegionalPrivateRegistryURI, eksaDefaultRegion, awsRegion) } diff --git a/pkg/curatedpackages/regional_registry.go b/pkg/curatedpackages/regional_registry.go index c977282102ab9..c89092895a0e3 100644 --- a/pkg/curatedpackages/regional_registry.go +++ b/pkg/curatedpackages/regional_registry.go @@ -14,42 +14,6 @@ import ( "github.com/aws/aws-sdk-go-v2/service/ecr" ) -const ( - devRegionalECR string = "067575901363.dkr.ecr.us-west-2.amazonaws.com" - devRegionalPublicECR string = "public.ecr.aws/x3k6m8v0" - stagingRegionalECR string = "067575901363.dkr.ecr.us-west-2.amazonaws.com" -) - -var prodRegionalECRMap = map[string]string{ - "af-south-1": "783635962247.dkr.ecr.af-south-1.amazonaws.com", - "ap-east-1": "804323328300.dkr.ecr.ap-east-1.amazonaws.com", - "ap-northeast-1": "143143237519.dkr.ecr.ap-northeast-1.amazonaws.com", - "ap-northeast-2": "447311122189.dkr.ecr.ap-northeast-2.amazonaws.com", - "ap-northeast-3": "376465423944.dkr.ecr.ap-northeast-3.amazonaws.com", - "ap-south-1": "357015164304.dkr.ecr.ap-south-1.amazonaws.com", - "ap-south-2": "388483641499.dkr.ecr.ap-south-2.amazonaws.com", - "ap-southeast-1": "654894141437.dkr.ecr.ap-southeast-1.amazonaws.com", - "ap-southeast-2": "299286866837.dkr.ecr.ap-southeast-2.amazonaws.com", - "ap-southeast-3": "703305448174.dkr.ecr.ap-southeast-3.amazonaws.com", - "ap-southeast-4": "106475008004.dkr.ecr.ap-southeast-4.amazonaws.com", - "ca-central-1": "064352486547.dkr.ecr.ca-central-1.amazonaws.com", - "eu-central-1": "364992945014.dkr.ecr.eu-central-1.amazonaws.com", - "eu-central-2": "551422459769.dkr.ecr.eu-central-2.amazonaws.com", - "eu-north-1": "826441621985.dkr.ecr.eu-north-1.amazonaws.com", - "eu-south-1": "787863792200.dkr.ecr.eu-south-1.amazonaws.com", - "eu-west-1": "090204409458.dkr.ecr.eu-west-1.amazonaws.com", - "eu-west-2": "371148654473.dkr.ecr.eu-west-2.amazonaws.com", - "eu-west-3": "282646289008.dkr.ecr.eu-west-3.amazonaws.com", - "il-central-1": "131750224677.dkr.ecr.il-central-1.amazonaws.com", - "me-central-1": "454241080883.dkr.ecr.me-central-1.amazonaws.com", - "me-south-1": "158698011868.dkr.ecr.me-south-1.amazonaws.com", - "sa-east-1": "517745584577.dkr.ecr.sa-east-1.amazonaws.com", - "us-east-1": "331113665574.dkr.ecr.us-east-1.amazonaws.com", - "us-east-2": "297090588151.dkr.ecr.us-east-2.amazonaws.com", - "us-west-1": "440460740297.dkr.ecr.us-west-1.amazonaws.com", - "us-west-2": "346438352937.dkr.ecr.us-west-2.amazonaws.com", -} - // RegistryAccessTester test if AWS credentials has valid permission to access an ECR registry. type RegistryAccessTester interface { Test(ctx context.Context, accessKey, secret, region, awsConfig, registry string) error @@ -101,13 +65,13 @@ func TestRegistryWithAuthToken(authToken, registry string, do Do) error { // GetRegionalRegistry get the regional registry corresponding to defaultRegistry in a specific region. func GetRegionalRegistry(defaultRegistry, region string) string { - if strings.Contains(defaultRegistry, devAccount) { - return devRegionalECR + if strings.Contains(defaultRegistry, devNonRegionalPublicRegistryURI) { + return devRegionalPrivateRegistryURI } - if strings.Contains(defaultRegistry, stagingAccount) { - return stagingRegionalECR + if strings.Contains(defaultRegistry, stagingPublicRegistryURI) { + return stagingRegionalPrivateRegistryURI } - return prodRegionalECRMap[region] + return prodRegionalPrivateRegistryURIByRegion[region] } // RegistryAuthTokenProvider provides auth token for registry access. diff --git a/pkg/curatedpackages/registry_constants.go b/pkg/curatedpackages/registry_constants.go new file mode 100644 index 0000000000000..df9e6bb167c6b --- /dev/null +++ b/pkg/curatedpackages/registry_constants.go @@ -0,0 +1,45 @@ +package curatedpackages + +const ( + devNonRegionalPublicRegistryAlias = "l0g8r8j6" + devRegionalPublicRegistryAlias = "x3k6m8v0" + stagingPublicRegistryAlias = "w9m0f3l5" + prodPublicRegistryAlias = "eks-anywhere" + devNonRegionalPublicRegistryURI = "public.ecr.aws/" + devNonRegionalPublicRegistryAlias + devRegionalPublicRegistryURI = "public.ecr.aws/" + devRegionalPublicRegistryAlias + stagingPublicRegistryURI = "public.ecr.aws/" + stagingPublicRegistryAlias + prodPublicRegistryURI = "public.ecr.aws/" + prodPublicRegistryAlias + prodNonRegionalPrivateRegistryURI = "783794618700.dkr.ecr.us-west-2.amazonaws.com" + devRegionalPrivateRegistryURI = "067575901363.dkr.ecr.us-west-2.amazonaws.com" + stagingRegionalPrivateRegistryURI = "724423470321.dkr.ecr.us-west-2.amazonaws.com" +) + +var prodRegionalPrivateRegistryURIByRegion = map[string]string{ + "af-south-1": "783635962247.dkr.ecr.af-south-1.amazonaws.com", + "ap-east-1": "804323328300.dkr.ecr.ap-east-1.amazonaws.com", + "ap-northeast-1": "143143237519.dkr.ecr.ap-northeast-1.amazonaws.com", + "ap-northeast-2": "447311122189.dkr.ecr.ap-northeast-2.amazonaws.com", + "ap-northeast-3": "376465423944.dkr.ecr.ap-northeast-3.amazonaws.com", + "ap-south-1": "357015164304.dkr.ecr.ap-south-1.amazonaws.com", + "ap-south-2": "388483641499.dkr.ecr.ap-south-2.amazonaws.com", + "ap-southeast-1": "654894141437.dkr.ecr.ap-southeast-1.amazonaws.com", + "ap-southeast-2": "299286866837.dkr.ecr.ap-southeast-2.amazonaws.com", + "ap-southeast-3": "703305448174.dkr.ecr.ap-southeast-3.amazonaws.com", + "ap-southeast-4": "106475008004.dkr.ecr.ap-southeast-4.amazonaws.com", + "ca-central-1": "064352486547.dkr.ecr.ca-central-1.amazonaws.com", + "eu-central-1": "364992945014.dkr.ecr.eu-central-1.amazonaws.com", + "eu-central-2": "551422459769.dkr.ecr.eu-central-2.amazonaws.com", + "eu-north-1": "826441621985.dkr.ecr.eu-north-1.amazonaws.com", + "eu-south-1": "787863792200.dkr.ecr.eu-south-1.amazonaws.com", + "eu-west-1": "090204409458.dkr.ecr.eu-west-1.amazonaws.com", + "eu-west-2": "371148654473.dkr.ecr.eu-west-2.amazonaws.com", + "eu-west-3": "282646289008.dkr.ecr.eu-west-3.amazonaws.com", + "il-central-1": "131750224677.dkr.ecr.il-central-1.amazonaws.com", + "me-central-1": "454241080883.dkr.ecr.me-central-1.amazonaws.com", + "me-south-1": "158698011868.dkr.ecr.me-south-1.amazonaws.com", + "sa-east-1": "517745584577.dkr.ecr.sa-east-1.amazonaws.com", + "us-east-1": "331113665574.dkr.ecr.us-east-1.amazonaws.com", + "us-east-2": "297090588151.dkr.ecr.us-east-2.amazonaws.com", + "us-west-1": "440460740297.dkr.ecr.us-west-1.amazonaws.com", + "us-west-2": "346438352937.dkr.ecr.us-west-2.amazonaws.com", +}