Adding docs for regional packages migration #8163
Conversation
eks-distro-bot
added
the
size/M
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #8163 +/- ##
=======================================
Coverage 73.40% 73.40%
=======================================
Files 577 577
Lines 35921 35921
=======================================
Hits 26368 26368
Misses 7884 7884
Partials 1669 1669 ☔ View full report in Codecov by Sentry. |
|
/hold |
pokearu
force-pushed
the
packages-reg-migration
branch
from
7c38a4c to
6cc106c
Compare
|
/unhold |
| linkTitle: "Packages regional ECR migration" | ||
| weight: 4 | ||
| description: > | ||
| Migrating packages ECR registry to packages registry for EKS Anywhere subscription |
There was a problem hiding this comment.
Migrating EKS Anywhere Curated Packages to latest regional ECR repositories
| Migrating packages ECR registry to packages registry for EKS Anywhere subscription | ||
| --- | ||
|
|
||
| When an EKS Anywhere Enterprise Subscription is created, the AWS account that created the subscription is granted access to EKS Anywhere Curated Packages in the AWS Region where the subscription was created. If an existing EKS Anywhere cluster has curated packages access configured with the non-subscription based licens; we need to migrate the packages to consume the regional ECR registries. |
There was a problem hiding this comment.
I think we should say,
"When you purchase an EKS Anywhere Enterprise Subscription through the Amazon EKS console or APIs, the AWS account that purchased the subscription is automatically granted access to EKS Anywhere Curated Packages in the AWS Region where the subscription is created. If you received trial access to EKS Anywhere Curated Packages or if you have an EKS Anywhere Enterprise Subscription that was created before October 2023, then you need to migrate your EKS Anywhere Curated Packages configuration to use the latest ECR regional repositories."
| ### Steps for Migration | ||
| 1. Ensure you have an active EKS Anywhere Enterprise Subscription. For more information, refer [Purchase subscriptions.]({{< relref "../clustermgmt/support/purchase-subscription.md" >}}) | ||
|
|
||
| 2. If the EKS Anywhere Enterprise Subscription AWS account and the existing IAM user static credentials for curated packages on the cluster are different, we need to update the `aws-secret` object on the cluster with new credentials. Refer [Updating the package credentials |
There was a problem hiding this comment.
"If the AWS account that created the EKS Anywhere Enterprise Subscription through the Amazon EKS console or APIs and the AWS IAM user credentials for curated packages on your existing cluster are different, you need to update the aws-secret object on the cluster with new credentials. Refer to ..."
| 2. If the EKS Anywhere Enterprise Subscription AWS account and the existing IAM user static credentials for curated packages on the cluster are different, we need to update the `aws-secret` object on the cluster with new credentials. Refer [Updating the package credentials | ||
| .]({{< relref "./packagecontroller.md#updating-the-package-credentials" >}}) | ||
|
|
||
| 3. Edit the `ecr-credential-provider-package` package on the cluster and update `matchImages` to point to the private ECR for the region you have a subscription. Example, `346438352937.dkr.ecr.us-west-2.amazonaws.com` for `us-west-2`. |
There was a problem hiding this comment.
"... with the correct ECR package registry for the AWS Region where you created your subscription. Example, 346438352937.dkr.ecr.us-west-2.amazonaws.com for us-west-2. Reference the table in the expanded output at the top of this page for a mapping of AWS Regions to ECR package registries.
| ```bash | ||
| kubectl edit package ecr-credential-provider-package -n eksa-packages-<cluster name> | ||
| ``` | ||
| This causes `ecr-credential-provider-package` pods to rollout and configure’s kubelet to use aws credentials for pulling images from the new ECR registry. |
There was a problem hiding this comment.
Nit: "... and the kubelet is configured to use AWS credentials for pulling images from the new regional ECR packages registry."
| ``` | ||
| This causes `ecr-credential-provider-package` pods to rollout and configure’s kubelet to use aws credentials for pulling images from the new ECR registry. | ||
|
|
||
| 4. Edit the `PackageBundleController` object on the cluster and set the `defaultImageRegistry` and `defaultRegistry` to point to the private ECR for the region we have a subscription. |
There was a problem hiding this comment.
Nit: "... to point to the ECR package registry for the AWS Region where you created your subscription."
| ``` | ||
| This step causes all the packages on the cluster to be reinstalled and pods rolled out from the new registry. | ||
|
|
||
| 7. Edit the `ecr-credential-provider-package` package again and now set the `sourceRegistry` to point to the private ECR for the region we have a subscription. |
There was a problem hiding this comment.
Nit: "... to point to the ECR package registry for the AWS Region where you created your subscription."
| NAMESPACE NAME ACTIVEBUNDLE STATE DETAIL | ||
| eksa-packages my-cluster-name v1-28-160 upgrade available v1-28-274 available | ||
| ``` | ||
| 6. Edit the `PackageBundleController` object on the cluster and set the `activeBundle` field to the new bundle number that is availble. |
| --- | ||
|
|
||
| When an EKS Anywhere Enterprise Subscription is created, the AWS account that created the subscription is granted access to EKS Anywhere Curated Packages in the AWS Region where the subscription was created. If an existing EKS Anywhere cluster has curated packages access configured with the non-subscription based licens; we need to migrate the packages to consume the regional ECR registries. | ||
|
|
There was a problem hiding this comment.
Can we add a high-level comment on the customer impact? Can this procedure cause downtime to packages?
There was a problem hiding this comment.
So it does cause the packages to roll out but its a helm update; so the new pods come up and the old ones get terminated. So ideally there should be no downtime. Will add a line for that.
|
We need to additionally update these pages to mention the differences between the old ECR repos and the regional ECR repos. I think there may be some differences in the steps. |
pokearu
force-pushed
the
packages-reg-migration
branch
from
6cc106c to
a8b3070
Compare
pokearu
force-pushed
the
packages-reg-migration
branch
from
a8b3070 to
b1b20ee
Compare
eks-distro-bot
added
size/L
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pokearu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Issue https://github.com/aws/eks-anywhere-internal/issues/2141
Description of changes:
Adding documentation for the steps that a user needs to perform to migrate their cluster to use an EKS Enterprise subscription granted regional curated packages from the legacy ECR registries.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.