Tags: amazon-web-services, docker, kubernetes, amazon-ecr

Pull image from ECR to Kubernetes deployment file


I am facing an issue while pulling the Docker image from an AWS ECR repository. Earlier I used

kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=kammana --docker-password=<your-password> --docker-email=hari.kammana@gmail.com

The deployment YAML file

apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: privateapp
    image: kammana/privateapp:0.0.1
  imagePullSecrets:
  - name: regcred

But now the secret password is only valid for 12 hours when you generate it for ECR, so I will have to manually change the secret every time. This is hectic, and I read a Medium article.

It creates a kind of cron job, but I want to pull the image at runtime by logging in to ECR.

It would be helpful if you could provide a relevant example with respect to ECR direct login via Kubernetes. My cluster is not in the same AWS account, so AWS IAM roles are out of the question.


Solution

  • I had the same issue and I use this in a cron:

    # KUBECTL='kubectl --dry-run=client'
    KUBECTL='kubectl'
    
    ENVIRONMENT=sandbox # yes, typo
    AWS_DEFAULT_REGION=moon-west-1
    NAMESPACE=collect
    SECRET_NAME="$ENVIRONMENT-aws-ecr-$AWS_DEFAULT_REGION"
    # AWS_ACCOUNT_ID must already be set in the environment.
    
    # Look in the same namespace the secret is created in below.
    EXISTS=$($KUBECTL get secret "$SECRET_NAME" --namespace "$NAMESPACE" 2>/dev/null | tail -n 1 | cut -d ' ' -f 1)
    if [ "$EXISTS" = "$SECRET_NAME" ]; then
      echo "Secret exists, deleting"
      $KUBECTL delete secrets "$SECRET_NAME" --namespace "$NAMESPACE"
    fi
    
    # Fetch a fresh ECR token (valid for 12 hours) and store it as a pull secret.
    PASS=$(aws ecr get-login-password --region "$AWS_DEFAULT_REGION")
    $KUBECTL create secret docker-registry "$SECRET_NAME" \
        --docker-server="$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com" \
        --docker-username=AWS \
        --docker-password="$PASS" \
        --docker-email=infra@setu.co --namespace "$NAMESPACE"
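
A variant of the cron script above, as an added example that is not part of the original answer: it pipes the ECR token on stdin instead of passing it as `--docker-password`, so the token never appears in a process argument list, and it replaces the secret with a single `kubectl apply` instead of delete-then-create. The function names and the `SECRET_NAME` and `NAMESPACE` variables are assumptions; `AWS_ACCOUNT_ID` and `AWS_DEFAULT_REGION` are expected in the environment as in the answer.

```shell
#!/bin/sh
# Added example, not the answer author's script. Function names are assumptions.

# Print a kubernetes.io/dockerconfigjson Secret manifest on stdout.
# The registry token is read from stdin, so it never appears in a
# process argument list (unlike --docker-password=...).
ecr_secret_manifest() {
  m_name=$1; m_namespace=$2; m_registry=$3
  m_token=$(cat)
  if [ -z "$m_token" ]; then
    echo "empty registry token, refusing to write secret" >&2
    return 1
  fi
  # Docker config "auth" is base64("user:password"); ECR's user is AWS.
  m_auth=$(printf 'AWS:%s' "$m_token" | base64 | tr -d '\n')
  m_config=$(printf '{"auths":{"%s":{"auth":"%s"}}}' "$m_registry" "$m_auth")
  m_data=$(printf '%s' "$m_config" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $m_name
  namespace: $m_namespace
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $m_data
EOF
}

# Fetch a fresh token and replace the secret in one apply, so there is no
# gap between "delete" and "create" during which image pulls would fail.
refresh_ecr_secret() {
  r_registry="${AWS_ACCOUNT_ID:?}.dkr.ecr.${AWS_DEFAULT_REGION:?}.amazonaws.com"
  r_token=$(aws ecr get-login-password --region "$AWS_DEFAULT_REGION") || return 1
  r_manifest=$(printf '%s' "$r_token" |
    ecr_secret_manifest "${SECRET_NAME:?}" "${NAMESPACE:-collect}" "$r_registry") || return 1
  printf '%s\n' "$r_manifest" | kubectl apply -f -
}

# Only talk to AWS and the cluster when asked to: sh refresh-ecr-secret.sh run
if [ "${1:-}" = "run" ]; then
  refresh_ecr_secret
fi
```

If `aws ecr get-login-password` fails or returns nothing, the function stops before `kubectl apply`, so the existing secret is left in place rather than overwritten with an empty credential.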