Hi,

the documentation shows an example to use username/password to enable private repositories, but on ECR the way to obtain the password is using ecr get-login-password

i see on code exist a variable to support ECR

type DockerOption struct {
	// Auth
	UserName string `yaml:"user_name"`
	Password string `yaml:"password"`

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string `yaml:"registry_token"`

	// ECR
	AwsAccessKey    string `yaml:"aws_access_key"`
	AwsSecretKey    string `yaml:"aws_secret_key"`
	AwsSessionToken string `yaml:"aws_session_token"`
	AwsRegion       string `yaml:"aws_region"`

	// GCP
	GcpCredPath string `yaml:"gcp_cred_path"`

	// SSL/TLS
	InsecureSkipTLSVerify bool `yaml:"insecure_skip_tls_verify"`
	NonSSL                bool `yaml:"non_ssl"`
}

but i don't find any example of how to use it.

Kvisor wants to schedule in Fargate nodes (Amazon EKS) but is not possible, because Fargate only allows to run the specific workload that launched that node.

So, this must be configured if we want skip some nodes, including this fargate case.

The Getting Started link in the README.md points to https://docs.cast.ai/getting-started/overview/, which shows a 404 Not Found page.

Hi,

I've been playing around with kvisor's options a bit, especially with leaderElectionEnabled which seems to have a problem.

RBAC rules do not seem to be defined correctly in the role, especially the one concerning leases.

The create verb is restricted by resourceNames while this is not allowed, it prevents the creation of the lease.

Note: You cannot restrict create or deletecollection requests by their resource name. For create, this limitation is because the name of the new object may not be known at authorization time.

With the current role perms, the following error can be seen when starting the service with the leaderElectionEnabled option enabled.

time="2023-08-06T18:21:06Z" level=error msg="error initially creating leader election record: leases.coordination.k8s.io is forbidden: User \"system:serviceaccount:castai-agent:castai-kvisor\" cannot create resource \"leases\" in API group \"coordination.k8s.io\" in the namespace \"castai-agent\"\n" error="<nil>"
time="2023-08-06T18:21:08Z" level=debug msg="sending logs: sending logs: request error status_code=400 body={\"message\":\"Bad request\",\"fieldViolations\":[]}"

If I use less restrictive permissions on create, the service can create the lease:

  - verbs:
      - get
-     - create
      - update
      - list
      - watch
      - delete
    apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    resourceNames:
      - kvisor
+ - verbs:
+     - create
+   apiGroups:
+     - coordination.k8s.io
+   resources:
+     - leases

I'm kind of starting to use K8s, so maybe I'm wrong, please let me know the correct solution in this case to deploy kvisor in high availability.

Hey team!
I was perplexed with Cluster ID parameter. How can I get it with Helm?
I have CastAI-Agent helm installed and it registers my EKS cluster and generates Cluster ID. If I tried to pass STATIC_CLUSTER_ID parameter to the Agent it failed with the "cluster not found" error.

What is the right way to install Agent and Kvisor without manually copy-pasting Cluster ID from UI?