jetstack · chelomontilla · Aug 30, 2021 · Aug 30, 2021 · Feb 21, 2024 · Feb 21, 2024
@@ -29,11 +29,6 @@ const (
 	envDockerPassword = "DOCKER_PASSWORD"
 	envDockerToken    = "DOCKER_TOKEN"
 
-	envECRIamRoleArn      = "ECR_IAM_ROLE_ARN"
-	envECRAccessKeyID     = "ECR_ACCESS_KEY_ID"
-	envECRSecretAccessKey = "ECR_SECRET_ACCESS_KEY"
-	envECRSessionToken    = "ECR_SESSION_TOKEN"
-
 	envGCRAccessToken = "GCR_TOKEN"
 
 	envGHCRAccessToken = "GHCR_TOKEN"
@@ -164,33 +159,6 @@ func (o *Options) addAuthFlags(fs *pflag.FlagSet) {
 		))
 	///
 
-	/// ECR
-	fs.StringVar(&o.Client.ECR.IamRoleArn,
-		"ecr-iam-role-arn", "",
-		fmt.Sprintf(
-			"IAM role ARN for read access to private registries, can not be used with access-key/secret-key/session-token (%s_%s).",
-			envPrefix, envECRIamRoleArn,
-		))
-	fs.StringVar(&o.Client.ECR.AccessKeyID,
-		"ecr-access-key-id", "",
-		fmt.Sprintf(
-			"ECR access key ID for read access to private registries (%s_%s).",
-			envPrefix, envECRAccessKeyID,
-		))
-	fs.StringVar(&o.Client.ECR.SecretAccessKey,
-		"ecr-secret-access-key", "",
-		fmt.Sprintf(
-			"ECR secret access key for read access to private registries (%s_%s).",
-			envPrefix, envECRSecretAccessKey,
-		))
-	fs.StringVar(&o.Client.ECR.SessionToken,
-		"ecr-session-token", "",
-		fmt.Sprintf(
-			"ECR session token for read access to private registries (%s_%s).",
-			envPrefix, envECRSessionToken,
-		))
-	///
-
 	/// GCR
 	fs.StringVar(&o.Client.GCR.Token,
 		"gcr-token", "",
@@ -283,11 +251,6 @@ func (o *Options) complete() {
 		{envDockerPassword, &o.Client.Docker.Password},
 		{envDockerToken, &o.Client.Docker.Token},
 
-		{envECRIamRoleArn, &o.Client.ECR.IamRoleArn},
-		{envECRAccessKeyID, &o.Client.ECR.AccessKeyID},
-		{envECRSessionToken, &o.Client.ECR.SessionToken},
-		{envECRSecretAccessKey, &o.Client.ECR.SecretAccessKey},
-
 		{envGCRAccessToken, &o.Client.GCR.Token},
 
 		{envGHCRAccessToken, &o.Client.GHCR.Token},

@@ -8,7 +8,6 @@ import (
 	"github.com/jetstack/version-checker/pkg/client"
 	"github.com/jetstack/version-checker/pkg/client/acr"
 	"github.com/jetstack/version-checker/pkg/client/docker"
-	"github.com/jetstack/version-checker/pkg/client/ecr"
 	"github.com/jetstack/version-checker/pkg/client/gcr"
 	"github.com/jetstack/version-checker/pkg/client/ghcr"
 	"github.com/jetstack/version-checker/pkg/client/quay"
@@ -34,10 +33,6 @@ func TestComplete(t *testing.T) {
 				{"VERSION_CHECKER_DOCKER_USERNAME", "docker-username"},
 				{"VERSION_CHECKER_DOCKER_PASSWORD", "docker-password"},
 				{"VERSION_CHECKER_DOCKER_TOKEN", "docker-token"},
-				{"VERSION_CHECKER_ECR_IAM_ROLE_ARN", "iam-role-arn"},
-				{"VERSION_CHECKER_ECR_ACCESS_KEY_ID", "ecr-access-token"},
-				{"VERSION_CHECKER_ECR_SECRET_ACCESS_KEY", "ecr-secret-access-token"},
-				{"VERSION_CHECKER_ECR_SESSION_TOKEN", "ecr-session-token"},
 				{"VERSION_CHECKER_GCR_TOKEN", "gcr-token"},
 				{"VERSION_CHECKER_GHCR_TOKEN", "ghcr-token"},
 				{"VERSION_CHECKER_QUAY_TOKEN", "quay-token"},
@@ -57,12 +52,6 @@ func TestComplete(t *testing.T) {
 					Password: "docker-password",
 					Token:    "docker-token",
 				},
-				ECR: ecr.Options{
-					IamRoleArn:      "iam-role-arn",
-					AccessKeyID:     "ecr-access-token",
-					SecretAccessKey: "ecr-secret-access-token",
-					SessionToken:    "ecr-session-token",
-				},
 				GCR: gcr.Options{
 					Token: "gcr-token",
 				},
@@ -95,10 +84,6 @@ func TestComplete(t *testing.T) {
 				{"VERSION_CHECKER_DOCKER_USERNAME", "docker-username"},
 				{"VERSION_CHECKER_DOCKER_PASSWORD", "docker-password"},
 				{"VERSION_CHECKER_DOCKER_TOKEN", "docker-token"},
-				{"VERSION_CHECKER_ECR_IAM_ROLE_ARN", "iam-role-arn"},
-				{"VERSION_CHECKER_ECR_ACCESS_KEY_ID", "ecr-access-token"},
-				{"VERSION_CHECKER_ECR_SECRET_ACCESS_KEY", "ecr-secret-access-token"},
-				{"VERSION_CHECKER_ECR_SESSION_TOKEN", "ecr-session-token"},
 				{"VERSION_CHECKER_GCR_TOKEN", "gcr-token"},
 				{"VERSION_CHECKER_GHCR_TOKEN", "ghcr-token"},
 				{"VERSION_CHECKER_QUAY_TOKEN", "quay-token"},
@@ -125,12 +110,6 @@ func TestComplete(t *testing.T) {
 					Password: "docker-password",
 					Token:    "docker-token",
 				},
-				ECR: ecr.Options{
-					IamRoleArn:      "iam-role-arn",
-					AccessKeyID:     "ecr-access-token",
-					SecretAccessKey: "ecr-secret-access-token",
-					SessionToken:    "ecr-session-token",
-				},
 				GCR: gcr.Options{
 					Token: "gcr-token",
 				},

@@ -1,5 +1,5 @@
 {{- $secretEnabled := false }}
-{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
+{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.gcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
 {{- $secretEnabled = true }}
 {{- end }}
 {{ $chartname := include "version-checker.name" . }}
@@ -87,33 +87,6 @@ spec:
               key: acr.password
         {{- end }}
 
-        # ECR
-        {{- if .Values.ecr.iamRoleArn }}
-        - name: VERSION_CHECKER_ECR_IAM_ROLE_ARN
-          value: {{ .Values.ecr.iamRoleArn }}
-        {{- end }}
-        {{- if .Values.ecr.accessKeyID }}
-        - name: VERSION_CHECKER_ECR_ACCESS_KEY_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ $chartname }}
-              key: ecr.accessKeyID
-        {{- end }}
-        {{- if .Values.ecr.secretAccessKey }}
-        - name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY
-          valueFrom:
-            secretKeyRef:
-              name: {{ $chartname }}
-              key: ecr.secretAccessKey
-        {{- end }}
-        {{- if .Values.ecr.sessionToken }}
-        - name: VERSION_CHECKER_ECR_SESSION_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: {{ $chartname }}
-              key: ecr.sessionToken
-        {{- end }}
-
         # Docker
         {{- if .Values.docker.token }}
         - name: VERSION_CHECKER_DOCKER_TOKEN

@@ -1,4 +1,4 @@
-{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.ecr.accessKeyID .Values.ecr.secretAccessKey .Values.ecr.sessionToken .Values.docker.username .Values.docker.password .Values.gcr.token .Values.ghcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
+{{- if or .Values.acr.refreshToken .Values.acr.username .Values.acr.password .Values.docker.token .Values.docker.username .Values.docker.password .Values.gcr.token .Values.ghcr.token .Values.quay.token (not (eq (len .Values.selfhosted) 0)) }}
 apiVersion: v1
 data:
   # ACR
@@ -23,17 +23,6 @@ data:
   docker.password: {{.Values.docker.password | b64enc }}
   {{- end}}
 
-  # ECR
-  {{- if .Values.ecr.accessKeyID }}
-  ecr.accessKeyID: {{ .Values.ecr.accessKeyID | b64enc }}
-  {{- end}}
-  {{- if .Values.ecr.secretAccessKey }}
-  ecr.secretAccessKey: {{ .Values.ecr.secretAccessKey | b64enc }}
-  {{- end}}
-  {{- if .Values.ecr.sessionToken }}
-  ecr.sessionToken: {{ .Values.ecr.sessionToken | b64enc }}
-  {{- end}}
-
   # GCR
   {{- if .Values.gcr.token }}
   gcr.token: {{ .Values.gcr.token | b64enc }}

@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  {{- if .Values.ecr.iamRoleArn }}
-  annotations:
-    eks.amazonaws.com/role-arn: {{ .Values.ecr.iamRoleArn }}
-  {{- end }}
+  name: {{ include "version-checker.name" . }}
   labels:
 {{ include "version-checker.labels" . | indent 4 }}
-  name: {{ include "version-checker.name" . }}
+{{- with .Values.serviceAccount.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
@@ -131,48 +131,6 @@ tests:
                 key: acr.password
                 name: version-checker
 
-  # ECR
-  - it: ECR should work
-    set:
-      ecr.iamRoleArn: ajbhvdsbjvh
-      ecr.accessKeyID: jsgbjkas
-      ecr.secretAccessKey: sgkjnabskjga
-      ecr.sessionToken: asgjasg
-    asserts:
-      - contains:
-          path: spec.template.spec.containers[0].env
-          count: 1
-          content:
-            name: VERSION_CHECKER_ECR_IAM_ROLE_ARN
-            value: ajbhvdsbjvh
-      - contains:
-          path: spec.template.spec.containers[0].env
-          count: 1
-          content:
-            name: VERSION_CHECKER_ECR_ACCESS_KEY_ID
-            valueFrom:
-              secretKeyRef:
-                key: ecr.accessKeyID
-                name: version-checker
-      - contains:
-          path: spec.template.spec.containers[0].env
-          count: 1
-          content:
-            name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY
-            valueFrom:
-              secretKeyRef:
-                key: ecr.secretAccessKey
-                name: version-checker
-      - contains:
-          path: spec.template.spec.containers[0].env
-          count: 1
-          content:
-            name: VERSION_CHECKER_ECR_SESSION_TOKEN
-            valueFrom:
-              secretKeyRef:
-                key: ecr.sessionToken
-                name: version-checker
-
   # Docker
   - it: Docker should work
     set:

@@ -13,10 +13,10 @@ tests:
           apiVersion: v1
           name: version-checker
 
-  - it: with ecr ARN Set
+  - it: with annotations set
     set:
-      ecr.iamRoleArn: dsjgabjgsg
+      serviceAccount.annotations: { "abc": "123" }
     asserts:
       - equal:
-          path: metadata.annotations["eks.amazonaws.com/role-arn"]
-          value: dsjgabjgsg
+          path: metadata.annotations["abc"]
+          value: "123"
@@ -27,6 +27,9 @@ service:
   # -- Port to expose within the service
   port: 8080
 
+serviceAccount:
+  annotations: {}
+
 # -- Configure version-checkers behaviour
 versionChecker:
   # versionChecker.imageCacheTimeout -- How long to hold on to image tags and their versions
@@ -56,18 +59,6 @@ docker:
   # docker.token -- (string)
   token:
 
-# Amazon Elastic Container Registry Credentials Configuration
-ecr:
-  # -- (string) Provide AWS EKS Iam Role ARN following: [Specify A ServiceAccount Role](https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html)
-  iamRoleArn:
-
-  # -- (string)
-  accessKeyID:
-  # -- (string)
-  secretAccessKey:
-  # -- (string)
-  sessionToken:
-
 # Google Container Registry Credentials Configuration
 gcr:
   # gcr.token -- (string)
@@ -100,7 +91,6 @@ selfhosted:
   #  password: bar
   #  token:
 
-
 # -- Setup version-checkers resource requests/limits
 resources:
   {}

@@ -46,7 +46,6 @@ type Client struct {
 // Options used to configure client authentication.
 type Options struct {
 	ACR        acr.Options
-	ECR        ecr.Options
 	GCR        gcr.Options
 	GHCR       ghcr.Options
 	Docker     docker.Options
@@ -84,7 +83,7 @@ func New(ctx context.Context, log *logrus.Entry, opts Options) (*Client, error)
 		clients: append(
 			selfhostedClients,
 			acrClient,
-			ecr.New(opts.ECR),
+			ecr.New(),
 			dockerClient,
 			gcr.New(opts.GCR),
 			ghcr.New(opts.GHCR),

@@ -7,7 +7,6 @@ import (
 	"sync"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ecr"
 
@@ -18,20 +17,10 @@ import (
 type Client struct {
 	cacheMu             sync.Mutex
 	cachedRegionClients map[string]*ecr.ECR
-
-	Options
-}
-
-type Options struct {
-	IamRoleArn      string
-	AccessKeyID     string
-	SecretAccessKey string
-	SessionToken    string
 }
 
-func New(opts Options) *Client {
+func New() *Client {
 	return &Client{
-		Options:             opts,
 		cachedRegionClients: make(map[string]*ecr.ECR),
 	}
 }
@@ -111,16 +100,9 @@ func (c *Client) getClient(region string) (*ecr.ECR, error) {
 }
 
 func (c *Client) createRegionClient(region string) (*ecr.ECR, error) {
-	var sess *session.Session
-	var err error
-	if c.IamRoleArn != "" {
-		sess, err = session.NewSession()
-	} else {
-		sess, err = session.NewSession(&aws.Config{
-			Credentials: credentials.NewStaticCredentials(c.AccessKeyID, c.SecretAccessKey, c.SessionToken),
-			Region:      &region,
-		})
-	}
+	sess, err := session.NewSession(&aws.Config{
+		Region: &region,
+	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to construct aws credentials: %s", err)
 	}