feat(nodeadm): support public ecr authenticated ipv6 pulls

[mselim00]

Issue #, if available:
Resolves #2592

Description of changes:
Adds the dualstack endpoint for public ECR per https://docs.aws.amazon.com/AmazonECR/latest/public/public-ecr-requests.html.

This will support authenticated image pulls for Ipv6 nodes from public ECR. This is not strictly necessary, but it increases pull allowances to reduce throttling, as detailed in https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Testing Done

See this guide for recommended testing for PRs. Some tests may not apply. Completing tests and providing additional validation steps are not required, but it is recommended and may reduce review time and time to merge.

[mselim00]

flipped to draft, it doesn't seem like the ecr cred provider currently supports dualstack for ipv6 for the public registry, the host is hardcoded to the ipv4 one https://github.com/kubernetes/cloud-provider-aws/blob/742c08cb45041fa4650199179947714ad21b49b8/cmd/ecr-credential-provider/main.go#L44

[mselim00]

working on adding that support in the cred provider then we can do this:
kubernetes/cloud-provider-aws#1332

[mselim00]

gosec failure is unrelated: #2640

[fletcherw]

I'm confused by this line -- is ecr-credential-provider versioning locked to kubernetes versions? Can you backport your change to the earlier release branches of ecr provider?

[mselim00]

yeah ecr credential provider is Kubernetes versioned, it needs to handle kubelet’s credential request/response schema and is bundled w/ cloud provider aws atm.

I’ll check on back porting the change