Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

containerd certificate config using incorrect header section for the EKS 1.24 GPU AMI #1168

Closed
Secretions opened this issue Feb 3, 2023 · 6 comments
Closed

containerd certificate config using incorrect header section for the EKS 1.24 GPU AMI #1168

Secretions opened this issue Feb 3, 2023 · 6 comments

Comments

@Secretions
Copy link

What happened:

The GPU EKS AMI's containerd config was recently updated to support custom certs (see #1154), however, the configuration block uses an incorrect header.

On launch, the new GPU AMI containerd config in /etc/containerd/config.toml (after cloud-init has ran) has a config block that looks like this:

[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d:/etc/docker/certs.d"

While this is correct for the regular EKS AMI, the changes made for the GPU version require the header to be just plugins.cri.registry.

What you expected to happen:

The containerd config's certificate block should look like this:

[plugins.cri.registry]
config_path = "/etc/containerd/certs.d:/etc/docker/certs.d"

How to reproduce it (as minimally and precisely as possible):

  • Launch an EKS 1.24 GPU AMI
  • Check /etc/containerd/config.toml
  • See config block is [plugins."io.containerd.grpc.v1.cri".registry]
  • Try installing a cert into either directory and pulling from a private registry

Anything else we need to know?:

I also noted this on the original ticket: #1154 (comment)

However, that ticket is closed now so I'm opening a new one for visibility.

Environment:

  • AWS Region: us-west-2
  • Instance Type(s): g4dn.xlarge
  • EKS Platform version (use aws eks describe-cluster --name <name> --query cluster.platformVersion): eks.3
  • Kubernetes version (use aws eks describe-cluster --name <name> --query cluster.version): 1.24
  • AMI Version: ami-0ebb35dfd192c3613
  • Kernel (e.g. uname -a): Linux ip-10-0-37-68.us-west-2.compute.internal 5.4.228-131.415.amzn2.x86_64 Template is missing source_ami_id in the variables section #1 SMP Tue Dec 20 12:51:02 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  • Release information (run cat /etc/eks/release on a node):
BASE_AMI_ID="ami-04e0068781ee1fe9e"
BUILD_TIME="Fri Jan 27 01:49:21 UTC 2023"
BUILD_KERNEL="5.4.228-131.415.amzn2.x86_64"
ARCH="x86_64"
@cartermckinnon
Copy link
Member

Ah, sorry about that @Secretions; I'll get this fixed.

@Secretions
Copy link
Author

Thanks!

@cartermckinnon
Copy link
Member

I've made this change, and it will ship in the next AMI release 👍

@zekena2
Copy link

zekena2 commented Feb 10, 2023

Is there a reason why version 2 isn't used in GPU ami's ?

@yetone
Copy link

yetone commented Jan 17, 2024

Is there a reason why version 2 isn't used in GPU ami's ?

I have the same question

@cartermckinnon
Copy link
Member

We're moving to version 2 in an upcoming release, as a part of reworking our NVIDIA setup to address #1494

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yetone @Secretions @cartermckinnon @zekena2