Packages regional ECR migration
When you purchase an EKS Anywhere Enterprise Subscription through the Amazon EKS console or APIs, the AWS account that purchased the subscription is automatically granted access to EKS Anywhere Curated Packages in the AWS Region where the subscription is created. If you received trial access to EKS Anywhere Curated Packages or if you have an EKS Anywhere Enterprise Subscription that was created before October 2023, then you need to migrate your EKS Anywhere Curated Packages configuration to use the latest ECR regional repositories. This process would cause all the Curated Packages installed on the cluster to rollout and be deployed from the latest ECR regional repositories.
Expand for packages registry to AWS Region table
AWS Region | Packages Registry Account |
---|---|
us-west-2 | 346438352937 |
us-west-1 | 440460740297 |
us-east-1 | 331113665574 |
us-east-2 | 297090588151 |
ap-east-1 | 804323328300 |
ap-northeast-1 | 143143237519 |
ap-northeast-2 | 447311122189 |
ap-south-1 | 357015164304 |
ap-south-2 | 388483641499 |
ap-southeast-1 | 654894141437 |
ap-southeast-2 | 299286866837 |
ap-southeast-3 | 703305448174 |
ap-southeast-4 | 106475008004 |
af-south-1 | 783635962247 |
ca-central-1 | 064352486547 |
eu-central-1 | 364992945014 |
eu-central-2 | 551422459769 |
eu-north-1 | 826441621985 |
eu-south-1 | 787863792200 |
eu-west-1 | 090204409458 |
eu-west-2 | 371148654473 |
eu-west-3 | 282646289008 |
il-central-1 | 131750224677 |
me-central-1 | 454241080883 |
me-south-1 | 158698011868 |
sa-east-1 | 517745584577 |
Steps for Migration
-
Ensure you have an active EKS Anywhere Enterprise Subscription. For more information, refer Purchase subscriptions.
-
If the AWS account that created the EKS Anywhere Enterprise Subscription through the Amazon EKS console or APIs and the AWS IAM user credentials for curated packages on your existing cluster are different, you need to update the aws-secret object on the cluster with new credentials. Refer Updating the package credentials .
-
Edit the
ecr-credential-provider-package
package on the cluster and updatematchImages
with the correct ECR package registry for the AWS Region where you created your subscription. Example,346438352937.dkr.ecr.us-west-2.amazonaws.com
forus-west-2
. Reference the table in the expanded output at the top of this page for a mapping of AWS Regions to ECR package registries.kubectl edit package ecr-credential-provider-package -n eksa-packages-<cluster name>
This causes
ecr-credential-provider-package
pods to rollout and the kubelet is configured to use AWS credentials for pulling images from the new regional ECR packages registry. -
Edit the
PackageBundleController
object on the cluster and set thedefaultImageRegistry
anddefaultRegistry
to point to the ECR package registry for the AWS Region where you created your subscription.kubectl edit packagebundlecontroller <cluster name> -n eksa-packages
-
Restart the eks-anywhere-packages controller deployment.
kubectl rollout restart deployment eks-anywhere-packages -n eksa-packages
This step causes the package controller to pull down a new package bundle onto the cluster and marks the
PackageBundleController
as upgrade available. ExampleNAMESPACE NAME ACTIVEBUNDLE STATE DETAIL eksa-packages my-cluster-name v1-28-160 upgrade available v1-28-274 available
-
Edit the
PackageBundleController
object on the cluster and set theactiveBundle
field to the new bundle number that is available.kubectl edit packagebundlecontroller <cluster name> -n eksa-packages
This step causes all the packages on the cluster to be reinstalled and pods rolled out from the new registry.
-
Edit the
ecr-credential-provider-package
package again and now set thesourceRegistry
to point to the ECR package registry for the AWS Region where you created your subscription.kubectl edit package ecr-credential-provider-package -n eksa-packages-<cluster name>
This causes
ecr-credential-provider-package
to be reinstalled from the new registry.