-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add retry to avoid ECR get auth token failed for some transient issues #1886
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
trying to understand the issue more deeply.
- so there's a failure case when the ecr client cannot resolve EC2 roles via IMDS because it fails to make the IMDSv2 call due to intermittent network issues and then falls back to IMDSv1 even when it is disabled for the instance.
- This then this causes the ecr request to fail without even doing retries because this is part of the request finalizers and not the request itself.
- Finally, since we can't control how the imds client is configured within the ecr client, we're just using a retry around the entire call itself.
Does that sound right?
Yes it is the whole picture. And also attached the link that AL2023 has disabled IMDSv1 https://docs.aws.amazon.com/linux/al2023/ug/deprecated-al2023.html |
awslabs#1886) * add retry to avoid fetching token failed with some transient issues * add retry to avoid ECR get auth token failed for some transient issues * add retry to avoid ECR get auth token failed for some transient issues
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Testing Done
make