ECR Secrets in k8s cluster

Preconditions

  • AWS CLI
  • kubectl

# AWS account number of the caller
AWS_ACCOUNT=$(aws sts get-caller-identity --query 'Account' --output text)
AWS_REGION=ap-northeast-2
DOCKER_REGISTRY_SERVER=https://${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com
DOCKER_USER=AWS
# The token decodes to "AWS:<password>"; keep the password part.
# ECR tokens expire after 12 hours, so re-run this script to refresh the secret.
DOCKER_PASSWORD=$(aws ecr get-authorization-token --region "$AWS_REGION" --output text --query 'authorizationData[].authorizationToken' | base64 -d | cut -d: -f2)

# Recreate the image pull secret with the fresh credentials
kubectl delete secret aws-registry || true
kubectl create secret docker-registry aws-registry \
  --docker-server="$DOCKER_REGISTRY_SERVER" \
  --docker-username="$DOCKER_USER" \
  --docker-password="$DOCKER_PASSWORD"

apiVersion: v1
kind: Pod
metadata:
  name: app-pod
  labels:
    app: app-pod
spec:
  containers:
    - name: aws-pod
      image: *********.dkr.ecr.*******.amazonaws.com/app
      ports:
        - containerPort: 8080
          protocol: TCP
  imagePullSecrets:
    - name: aws-registry

  • Add imagePullSecrets to the pod definition file (Deployment, etc.) so the pod can pull from your AWS ECR repository
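
A variant of the secret refresh, as an added example that is not part of the original post: it builds the `kubernetes.io/dockerconfigjson` Secret from the ECR token and pipes it to `kubectl apply`, so the password never appears in a process argument list and the secret is updated in place instead of deleted and recreated. The function names `ecr_dockerconfigjson` and `ecr_secret_manifest` and the `--apply` switch are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print the .dockerconfigjson payload for one registry.
# $1 = registry URL, $2 = ECR authorizationToken, i.e. base64("AWS:<password>")
ecr_dockerconfigjson() {
  local server="$1" token="$2" decoded user
  decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || return 1
  user=${decoded%%:*}
  # ECR issues the user name "AWS"; reject other users or a missing ":" separator.
  [ "$user" = "AWS" ] && [ "$decoded" != "$user" ] || return 1
  # The token is already base64("AWS:<password>"), which is the format of the
  # "auth" field in a Docker config, so it is reused without re-encoding.
  printf '{"auths":{"%s":{"auth":"%s"}}}' "$server" "$token"
}

# Print a Secret manifest of type kubernetes.io/dockerconfigjson.
# $1 = secret name, $2 = registry URL, $3 = ECR authorizationToken
ecr_secret_manifest() {
  local name="$1" server="$2" token="$3" cfg
  cfg=$(ecr_dockerconfigjson "$server" "$token") || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | base64 | tr -d '\n')
EOF
}

# Refresh the secret only when called with --apply (needs aws and kubectl).
if [ "${1:-}" = "--apply" ]; then
  set -euo pipefail
  AWS_REGION=${AWS_REGION:-ap-northeast-2}
  AWS_ACCOUNT=$(aws sts get-caller-identity --query 'Account' --output text)
  TOKEN=$(aws ecr get-authorization-token --region "$AWS_REGION" \
    --output text --query 'authorizationData[0].authorizationToken')
  ecr_secret_manifest aws-registry \
    "https://${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com" "$TOKEN" |
    kubectl apply -f -
fi
```

Because the token expires, run it with `--apply` from a scheduled job that has both `aws` and `kubectl` credentials.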
