aws-observability / aws-otel-community

Welcome to the AWS Distro for OpenTelemetry project. If you're using monitoring and observability tools for AWS products and services, this is a great place to ask questions, request features and network with other community members.
https://aws-otel.github.io/
Apache License 2.0

Use "Amazon EKS Amazon ECR private repositories" instead of public.ecr.aws for EKS ADOT Addon #541

Open joachimdegroot opened 1 year ago

joachimdegroot commented 1 year ago

Hello everyone,

When installing the EKS ADOT Addon the images used are hosted on "public.ecr.aws". Would it be possible to change this to use "Amazon EKS Amazon ECR private repositories"? See this page: https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html

This has a couple of benefits:

  1. Standardises with other EKS Addons
  2. Enables the EKS ADOT Addon to be used in clusters without internet access/restricted environments
  3. Enables the use of the ECR VPC Endpoint

We will also share this request with our AWS Enterprise support team.

If you have any questions I would be glad to discuss!

Thank you in advance!

Joachim

mhausenblas commented 1 year ago

Heya @joachimdegroot, ADOT PM here. Thanks for raising this feature request and this is certainly something worth exploring, not on our immediate roadmap, though.

dukeluke16 commented 1 year ago

As a work-around to using a private ECR, we had to

kubectl get deploy opentelemetry-operator -n $NAMESPACE -o yaml | \
sed 's|public.ecr.aws/aws-observability|{{company-private-ecr}}/aws-mirror/adot|g' | \
kubectl apply -f -

It's klunky but works until the feature is supported natively by AWS.
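A more defensive variant of the workaround above, as an added example that is not part of the thread. It lists every image that has to exist in the private registry first, and refuses to emit a manifest that still references `public.ecr.aws`. The function names, the `MIRROR` value and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. MIRROR is a constructed registry path.
MIRROR='111122223333.dkr.ecr.eu-west-1.amazonaws.com/aws-mirror/adot'

# Constructed stand-in for `kubectl get deploy ... -o yaml` output (tags are made up).
sample_manifest() {
cat <<'EOF'
spec:
  template:
    spec:
      containers:
      - name: manager
        image: public.ecr.aws/aws-observability/adot-operator:0.0.0-example
        args:
        - --collector-image=public.ecr.aws/aws-observability/aws-otel-collector:v0.0.0-example
      - name: sidecar
        image: public.ecr.aws/example-org/sidecar:0.0.0-example
EOF
}

# Print every distinct public.ecr.aws reference found on stdin: the images
# that must be mirrored into the private registry before the rewrite can work.
list_public_images() {
    grep -oE 'public\.ecr\.aws/[A-Za-z0-9._/:@-]+' | sort -u
}

# Rewrite aws-observability references on stdin to the mirror prefix in $1.
# Fails closed: prints no manifest and returns 1 if any public.ecr.aws
# reference survives, since that pod would still fail to pull in a private cluster.
rewrite_to_mirror() {
    mirror=$1
    case $mirror in   # reject values that would break the sed replacement
        ''|*'|'*|*'&'*|*'\'*) echo "invalid mirror prefix" >&2; return 2 ;;
    esac
    out=$(sed "s|public\.ecr\.aws/aws-observability|${mirror}|g") || return 1
    if printf '%s\n' "$out" | grep -q 'public\.ecr\.aws/'; then
        echo "unmirrored public.ecr.aws image remains:" >&2
        printf '%s\n' "$out" | list_public_images >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# Usage against a live cluster (same pipeline as the comment above):
#   kubectl get deploy opentelemetry-operator -n "$NAMESPACE" -o yaml \
#     | rewrite_to_mirror "$MIRROR" | kubectl apply -f -
```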

psivananda commented 1 year ago

> As a work-around to using a private ECR, we had to
>
> kubectl get deploy opentelemetry-operator -n $NAMESPACE -o yaml | \
> sed 's|public.ecr.aws/aws-observability|{{company-private-ecr}}/aws-mirror/adot|g' | \
> kubectl apply -f -
>
> It's klunky but works until the feature is supported natively by AWS.

This works after the addon is installed. In our case we are using CDK to create the addon, and it failed as we don't have access to the public ECR and CDK rolls back everything, so kubectl patch doesn't work for me.

mhausenblas commented 1 year ago

See also https://github.com/aws/containers-roadmap/issues/2139

cloudbackenddev commented 1 year ago

Any updates on this one? How do we get the addon enabled if you are using IaC to set up your infrastructure? Can you prioritise this? Most enterprise apps are deployed in private networks where there is no direct access to public images. How is the OpenTelemetry collector supposed to work in that environment?

mhausenblas commented 1 year ago

Thanks for your feedback @cloudbackenddev and yes, this is on our short-term roadmap.

C3212625 commented 11 months ago

Please update here: is there any latest update on this? I am stuck in the same situation as well; my cluster is completely private and doesn't have access to the Internet. After add-on deployment it fails with a public repo access error.