From 6ec87c1f7a9d2a9d29879cd68d9e930cf37908dc Mon Sep 17 00:00:00 2001 From: Nick Baker Date: Fri, 6 Sep 2024 10:33:00 -0700 Subject: [PATCH] Add new ecr accounts and domains (#1956) --- nodeadm/internal/aws/ecr/ecr.go | 46 ++++++++++--------- templates/al2/provisioners/install-worker.sh | 4 +- templates/al2/runtime/get-ecr-uri.sh | 7 +++ templates/al2023/provisioners/install-efa.sh | 4 ++ .../provisioners/install-neuron-driver.sh | 2 +- .../al2023/provisioners/install-worker.sh | 4 +- 6 files changed, 43 insertions(+), 24 deletions(-) diff --git a/nodeadm/internal/aws/ecr/ecr.go b/nodeadm/internal/aws/ecr/ecr.go index c1da51a25..c70018980 100644 --- a/nodeadm/internal/aws/ecr/ecr.go +++ b/nodeadm/internal/aws/ecr/ecr.go @@ -94,27 +94,29 @@ var accountsByRegion = map[string]string{ "us-east-2": nonOptInRegionAccount, "us-west-1": nonOptInRegionAccount, "us-west-2": nonOptInRegionAccount, - "ap-east-1": "800184023465", - "me-south-1": "558608220178", - "cn-north-1": "918309763551", - "cn-northwest-1": "961992271922", - "us-gov-west-1": "013241004608", - "us-gov-east-1": "151742754352", - "us-iso-west-1": "608367168043", - "us-iso-east-1": "725322719131", - "us-isob-east-1": "187977181151", - "eu-isoe-west-1": "249663109785", - "af-south-1": "877085696533", - "ap-southeast-3": "296578399912", - "me-central-1": "759879836304", - "eu-south-1": "590381155156", - "eu-south-2": "455263428931", - "eu-central-2": "900612956339", - "ap-south-2": "900889452093", - "ap-southeast-4": "491585149902", - "il-central-1": "066635153087", - "ca-west-1": "761377655185", - "ap-southeast-5": "151610086707", + + "af-south-1": "877085696533", + "ap-east-1": "800184023465", + "ap-south-2": "900889452093", + "ap-southeast-3": "296578399912", + "ap-southeast-4": "491585149902", + "ap-southeast-5": "151610086707", + "ca-west-1": "761377655185", + "cn-north-1": "918309763551", + "cn-northwest-1": "961992271922", + "eu-central-2": "900612956339", + "eu-isoe-west-1": "249663109785", + "eu-south-1": "590381155156", + "eu-south-2": "455263428931", + "il-central-1": "066635153087", + "me-central-1": "759879836304", + "me-south-1": "558608220178", + "us-gov-east-1": "151742754352", + "us-gov-west-1": "013241004608", + "us-iso-east-1": "725322719131", + "us-iso-west-1": "608367168043", + "us-isob-east-1": "187977181151", + "us-isof-south-1": "676585237158", } // getEKSRegistryCoordinates returns an AWS region and account ID for the default EKS ECR container image registry @@ -133,6 +135,8 @@ func getEKSRegistryCoordinates(region string) (string, string) { return "187977181151", "us-isob-east-1" } else if strings.HasPrefix(region, "eu-isoe-") { return "249663109785", "eu-isoe-west-1" + } else if strings.HasPrefix(region, "us-isof-") { + return "676585237158", "us-isof-south-1" } return "602401143452", "us-west-2" } diff --git a/templates/al2/provisioners/install-worker.sh b/templates/al2/provisioners/install-worker.sh index bb0d9449c..127fa0919 100644 --- a/templates/al2/provisioners/install-worker.sh +++ b/templates/al2/provisioners/install-worker.sh @@ -111,7 +111,7 @@ sudo mv $WORKING_DIR/iptables-restore.service /etc/eks/iptables-restore.service ################################################################################ ### isolated regions can't communicate to awscli.amazonaws.com so installing awscli through yum -ISOLATED_REGIONS="${ISOLATED_REGIONS:-us-iso-east-1 us-iso-west-1 us-isob-east-1 eu-isoe-west-1}" +ISOLATED_REGIONS="${ISOLATED_REGIONS:-us-iso-east-1 us-iso-west-1 us-isob-east-1 eu-isoe-west-1 us-isof-south-1}" if ! [[ ${ISOLATED_REGIONS} =~ $BINARY_BUCKET_REGION ]]; then # https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html echo "Installing awscli v2 bundle" @@ -265,6 +265,8 @@ elif [ "$BINARY_BUCKET_REGION" = "us-isob-east-1" ]; then S3_DOMAIN="sc2s.sgov.gov" elif [ "$BINARY_BUCKET_REGION" = "eu-isoe-west-1" ]; then S3_DOMAIN="cloud.adc-e.uk" +elif [ "$BINARY_BUCKET_REGION" = "us-isof-south-1" ]; then + S3_DOMAIN="csp.hci.ic.gov" fi S3_URL_BASE="https://$BINARY_BUCKET_NAME.s3.$BINARY_BUCKET_REGION.$S3_DOMAIN/$KUBERNETES_VERSION/$KUBERNETES_BUILD_DATE/bin/linux/$ARCH" S3_PATH="s3://$BINARY_BUCKET_NAME/$KUBERNETES_VERSION/$KUBERNETES_BUILD_DATE/bin/linux/$ARCH" diff --git a/templates/al2/runtime/get-ecr-uri.sh b/templates/al2/runtime/get-ecr-uri.sh index e535c6560..205e43ed9 100755 --- a/templates/al2/runtime/get-ecr-uri.sh +++ b/templates/al2/runtime/get-ecr-uri.sh @@ -39,6 +39,9 @@ else eu-isoe-west-1) acct="249663109785" ;; + us-isof-south-1) + acct="676585237158" + ;; af-south-1) acct="877085696533" ;; @@ -116,6 +119,10 @@ else acct="249663109785" region="eu-isoe-west-1" ;; + us-isof-*) + acct="676585237158" + region="us-isof-south-1" + ;; *) acct="602401143452" region="us-west-2" diff --git a/templates/al2023/provisioners/install-efa.sh b/templates/al2023/provisioners/install-efa.sh index 59460dbd2..d34371af6 100755 --- a/templates/al2023/provisioners/install-efa.sh +++ b/templates/al2023/provisioners/install-efa.sh @@ -20,6 +20,10 @@ if [ ${PARTITION} == "aws-iso" ]; then EFA_DOMAIN="https://aws-efa-installer.s3.${AWS_REGION}.c2s.ic.gov" elif [ ${PARTITION} == "aws-iso-b" ]; then EFA_DOMAIN="https://aws-efa-installer.s3.${AWS_REGION}.sc2s.sgov.gov" +elif [ ${PARTITION} == "aws-iso-e" ]; then + EFA_DOMAIN="https://aws-efa-installer.s3.${AWS_REGION}.cloud.adc-e.uk" +elif [ ${PARTITION} == "aws-iso-f" ]; then + EFA_DOMAIN="https://aws-efa-installer.s3.${AWS_REGION}.csp.hci.ic.gov" fi mkdir -p /tmp/efa-installer diff --git a/templates/al2023/provisioners/install-neuron-driver.sh b/templates/al2023/provisioners/install-neuron-driver.sh index ba57a8e3f..af9a1b254 100755 --- a/templates/al2023/provisioners/install-neuron-driver.sh +++ b/templates/al2023/provisioners/install-neuron-driver.sh @@ -10,7 +10,7 @@ fi PARTITION=$(imds "/latest/meta-data/services/partition") -if [ "$PARTITION" == "aws-iso" ] || [ "$PARTITION" == "aws-iso-b" ]; then +if [[ "$PARTITION" =~ ^aws-iso(-[bef])?$ ]]; then echo "Neuron repository not vailable in isolated regions" exit 1 fi diff --git a/templates/al2023/provisioners/install-worker.sh b/templates/al2023/provisioners/install-worker.sh index a6ac6ed7b..212e3683d 100644 --- a/templates/al2023/provisioners/install-worker.sh +++ b/templates/al2023/provisioners/install-worker.sh @@ -107,7 +107,7 @@ sudo systemctl restart sshd.service ################################################################################ ### isolated regions can't communicate to awscli.amazonaws.com so installing awscli through dnf -ISOLATED_REGIONS="${ISOLATED_REGIONS:-us-iso-east-1 us-iso-west-1 us-isob-east-1 eu-isoe-west-1}" +ISOLATED_REGIONS="${ISOLATED_REGIONS:-us-iso-east-1 us-iso-west-1 us-isob-east-1 eu-isoe-west-1 us-isof-south-1}" if ! [[ ${ISOLATED_REGIONS} =~ $BINARY_BUCKET_REGION ]]; then # https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html echo "Installing awscli v2 bundle" @@ -161,6 +161,8 @@ elif [ "$BINARY_BUCKET_REGION" = "us-isob-east-1" ]; then S3_DOMAIN="sc2s.sgov.gov" elif [ "$BINARY_BUCKET_REGION" = "eu-isoe-west-1" ]; then S3_DOMAIN="cloud.adc-e.uk" +elif [ "$BINARY_BUCKET_REGION" = "us-isof-south-1" ]; then + S3_DOMAIN="csp.hci.ic.gov" fi S3_URL_BASE="https://$BINARY_BUCKET_NAME.s3.$BINARY_BUCKET_REGION.$S3_DOMAIN/$KUBERNETES_VERSION/$KUBERNETES_BUILD_DATE/bin/linux/$ARCH" S3_PATH="s3://$BINARY_BUCKET_NAME/$KUBERNETES_VERSION/$KUBERNETES_BUILD_DATE/bin/linux/$ARCH"