Packages regional ECR migration
When you purchase an EKS Anywhere Enterprise Subscription through the Amazon EKS console or APIs, the AWS account that purchased the subscription is automatically granted access to EKS Anywhere Curated Packages in the AWS Region where the subscription is created. If you received trial access to EKS Anywhere Curated Packages or if you have an EKS Anywhere Enterprise Subscription that was created before October 2023, then you need to migrate your EKS Anywhere Curated Packages configuration to use the latest ECR regional repositories. This process would cause all the Curated Packages installed on the cluster to rollout and be deployed from the latest ECR regional repositories.
Expand for packages registry to AWS Region table
| AWS Region | Packages Registry Account |
|---|---|
| us-west-2 | 346438352937 |
| us-west-1 | 440460740297 |
| us-east-1 | 331113665574 |
| us-east-2 | 297090588151 |
| ap-east-1 | 804323328300 |
| ap-northeast-1 | 143143237519 |
| ap-northeast-2 | 447311122189 |
| ap-south-1 | 357015164304 |
| ap-south-2 | 388483641499 |
| ap-southeast-1 | 654894141437 |
| ap-southeast-2 | 299286866837 |
| ap-southeast-3 | 703305448174 |
| ap-southeast-4 | 106475008004 |
| af-south-1 | 783635962247 |
| ca-central-1 | 064352486547 |
| eu-central-1 | 364992945014 |
| eu-central-2 | 551422459769 |
| eu-north-1 | 826441621985 |
| eu-south-1 | 787863792200 |
| eu-west-1 | 090204409458 |
| eu-west-2 | 371148654473 |
| eu-west-3 | 282646289008 |
| il-central-1 | 131750224677 |
| me-central-1 | 454241080883 |
| me-south-1 | 158698011868 |
| sa-east-1 | 517745584577 |
Steps for Migration
-
Ensure you have an active EKS Anywhere Enterprise Subscription. For more information, refer Purchase subscriptions.
-
If the AWS account that created the EKS Anywhere Enterprise Subscription through the Amazon EKS console or APIs and the AWS IAM user credentials for curated packages on your existing cluster are different, you need to update the aws-secret object on the cluster with new credentials. Refer Updating the package credentials .
-
Edit the
ecr-credential-provider-packagepackage on the cluster and updatematchImageswith the correct ECR package registry for the AWS Region where you created your subscription. Example,346438352937.dkr.ecr.us-west-2.amazonaws.comforus-west-2. Reference the table in the expanded output at the top of this page for a mapping of AWS Regions to ECR package registries.kubectl edit package ecr-credential-provider-package -n eksa-packages-<cluster name>This causes
ecr-credential-provider-packagepods to rollout and the kubelet is configured to use AWS credentials for pulling images from the new regional ECR packages registry. -
Edit the
PackageBundleControllerobject on the cluster and set thedefaultImageRegistryanddefaultRegistryto point to the ECR package registry for the AWS Region where you created your subscription.kubectl edit packagebundlecontroller <cluster name> -n eksa-packages -
Restart the eks-anywhere-packages controller deployment.
kubectl rollout restart deployment eks-anywhere-packages -n eksa-packagesThis step causes the package controller to pull down a new package bundle onto the cluster and marks the
PackageBundleControlleras upgrade available. ExampleNAMESPACE NAME ACTIVEBUNDLE STATE DETAIL eksa-packages my-cluster-name v1-28-160 upgrade available v1-28-274 available -
Edit the
PackageBundleControllerobject on the cluster and set theactiveBundlefield to the new bundle number that is available.kubectl edit packagebundlecontroller <cluster name> -n eksa-packagesThis step causes all the packages on the cluster to be reinstalled and pods rolled out from the new registry.
-
Edit the
ecr-credential-provider-packagepackage again and now set thesourceRegistryto point to the ECR package registry for the AWS Region where you created your subscription.kubectl edit package ecr-credential-provider-package -n eksa-packages-<cluster name>This causes
ecr-credential-provider-packageto be reinstalled from the new registry.