search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.65k stars 3.92k forks source link

eks: Private ECR repositories with namespaces are not supported #23426

Open jfrconley opened 1 year ago

jfrconley commented 1 year ago

Describe the bug

I am trying use a private ECR chart repository with the format oci://<account id>.dkr.ecr.<region>.amazonaws.com/release/charts/<chart name>

Unfortunately, the OCI reference is not recognized and the helm login is not run beforehand. This causes the chart pull to fail, preventing deployment.

Expected Behavior

The chart should be deployed successfully.

Current Behavior

Pulling from the chart repo fails because no login is attempted prior.

Reproduction Steps

  1. Create a private ECR repo, and give it a multilevel prefix like release/charts/
  2. Attempt to deploy the chart using the HelmChart construct

Possible Solution

The issues seems to be line 102 in the helm handler of the kubectl provider.

registry = repository.rsplit('/', 1)[0].replace('oci://', '')

Inputting oci://<account id>.dkr.ecr.<region>.amazonaws.com/release/charts/<chart name> results in <account id>.dkr.ecr.<region>.amazonaws.com/release/charts, which does not match the private_ecr_pattern.

I recommend replacing this line with:

registry = repository.replace("oci://", "").split("/", 1)[0]

Which would result in the correct output of <account id>.dkr.ecr.<region>.amazonaws.com

Additional Information/Context

This bug is currently blocking the our usage of CDK to deploy helm charts

CDK CLI Version

2.53.0

Framework Version

No response

Node.js Version

16.16

OS

MacOS Monterrey

Language

Typescript

Language Version

No response

Other information

No response

pahud commented 1 year ago

Unfortunately https://github.com/aws/aws-cdk/pull/23429 is closed due to being staleness. Are you able to reopen the PR and get this issue resolved?