将映像从ECR拉至Kubernetes部署文件 [英] Pull image from ECR to Kubernetes deployment file
问题描述
我以前使用过从AWS ECR存储库中提取docker映像时遇到了问题
I am facing the issue while pulling the docker image from AWS ECR repository, earlier i used
kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=kammana --docker-password=<your-password> --docker-email=hari.kammana@gmail.com
部署YAML文件
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: privateapp
image: kammana/privateapp:0.0.1
imagePullSecrets:
- name: regcred
但是现在,当您为ECR生成密码时,密码仅在12个小时内有效,我每次都必须手动更改密码.这很忙,我读了一个中等文章.
but now the secret password is only valid for 12 hours when you generate for ECR, i will have to manually change the secret everytime. This is hectic and i read a Medium article.
它可以创建某种cron作业,但我想通过登录ECR在运行时提取图像.
It can creates kind of cron Job but i want to pull the image at runtime by logging in to ECR.
如果您可以提供一些有关通过Kubernetes进行ECR直接登录的相关示例,并且我的集群不在同一AWS账户中,那么毫无疑问,AWS IAM角色将很有帮助.
It would be helpful if you could provide some relevant example with respect ECR direct login via Kubernetes and my cluster is not in the same AWS account so AWS IAM Roles is out of question.
推荐答案
我遇到了同样的问题,并且在cron中使用了此问题:
I had the same issue and I use this in a cron:
# KUBECTL='kubectl --dry-run=client'
KUBECTL='kubectl'
ENVIRONMENT=sandbox # yes, typo
AWS_DEFAULT_REGION=moon-west-1
EXISTS=$($KUBECTL get secret "$ENVIRONMENT-aws-ecr-$AWS_DEFAULT_REGION" | tail -n 1 | cut -d ' ' -f 1)
if [ "$EXISTS" = "$ENVIRONMENT-aws-ecr-$AWS_DEFAULT_REGION" ]; then
echo "Secret exists, deleting"
$KUBECTL delete secrets "$ENVIRONMENT-aws-ecr-$AWS_DEFAULT_REGION"
fi
PASS=$(aws ecr get-login-password --region $AWS_DEFAULT_REGION)
$KUBECTL create secret docker-registry $ENVIRONMENT-aws-ecr-$AWS_DEFAULT_REGION \
--docker-server=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com \
--docker-username=AWS \
--docker-password=$PASS \
--docker-email=infra@setu.co --namespace collect
这篇关于将映像从ECR拉至Kubernetes部署文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
