Can't authentication for ECR #71

Closed
cucaixanh opened this issue Jan 2, 2021 · 1 comment

@cucaixanh

Hello there
I have an authentication problem between EKS and ECR via flux-v2.
I am currently using authentication by giving out a password with the command:
```
aws ecr get-login --no-include-email
```
I use this command to create a secret:
```
kubectl create secret docker-registry ecr --docker-server=my-id-aws.dkr.ecr.us-east-1.amazonaws.com --docker-username=AWS --docker-password=my-key-gen== -n flux-system
```
After 12 hours my secret expires and flux-v2 cannot pull images.
P.S. I have added the AmazonEC2ContainerRegistryReadOnly role for the EKS node.
My error now: GET https://my-id-aws.dkr.ecr.us-east-1.amazonaws.com/v2/image/tags/list?n=1000: DENIED: Your authorization token has expired. Reauthenticate and try again.

@stefanprodan stefanprodan transferred this issue from fluxcd/flux2 Jan 4, 2021
@relu
Member

relu commented Jan 4, 2021

Hello @duyhenryer2, thanks for submitting the issue.

Currently, there is no native support for ECR authentication, hence the need to create externally a docker-registry type secret. It is expected that ECR auth tokens expire after 12 hours, thus you'll have to rely on a cronjob to update the secret before that occurs. Here's an example solution that you might be able to use as a workaround in the meantime, at least until native auth support is introduced in the controller.

Progress on implementing registry auth is tracked in #11. Closing this issue.

@relu relu closed this as completed Jan 4, 2021
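
The cronjob workaround described in the reply above, sketched as a script that a cron entry or Kubernetes CronJob could run; this is an added example, not code from the thread or from the Flux project. The registry host, secret name `ecr` and namespace `flux-system` are the placeholders from the issue, the function names and the `RUN_REFRESH` switch are assumptions, and it uses `aws ecr get-login-password` in place of the deprecated `aws ecr get-login`.

```sh
#!/bin/sh
# Added example: refresh the ECR pull secret before the 12-hour token expires.
# Assumed defaults: the placeholder registry, secret name and namespace from
# the issue. Override them through the environment.
REGISTRY="${REGISTRY:-my-id-aws.dkr.ecr.us-east-1.amazonaws.com}"
REGION="${REGION:-us-east-1}"
SECRET_NAME="${SECRET_NAME:-ecr}"
NAMESPACE="${NAMESPACE:-flux-system}"

# Print a .dockerconfigjson document for one registry ($1) and token ($2).
# Assumption: the ECR token is base64 text, so it needs no JSON escaping.
build_dockerconfigjson() {
    auth=$(printf 'AWS:%s' "$2" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"AWS","password":"%s","auth":"%s"}}}' \
        "$1" "$2" "$auth"
}

refresh_ecr_secret() {
    # get-login-password replaces the deprecated "aws ecr get-login".
    token=$(aws ecr get-login-password --region "$REGION") || return 1
    [ -n "$token" ] || { echo "empty ECR token" >&2; return 1; }

    # Pass the token to kubectl in a file inside a 0700 temp directory
    # instead of on the command line, where a process listing would show it.
    workdir=$(mktemp -d) || return 1
    build_dockerconfigjson "$REGISTRY" "$token" > "$workdir/config.json"

    # Render the manifest client-side, then apply it, so an existing
    # secret is updated in place rather than failing with AlreadyExists.
    rc=0
    manifest=$(kubectl create secret generic "$SECRET_NAME" -n "$NAMESPACE" \
        --type=kubernetes.io/dockerconfigjson \
        --from-file=.dockerconfigjson="$workdir/config.json" \
        --dry-run=client -o yaml) || rc=1
    rm -rf "$workdir"
    [ "$rc" -eq 0 ] || return 1
    printf '%s\n' "$manifest" | kubectl apply -f -
}

# Run only when asked, e.g. from a cron entry: RUN_REFRESH=1 sh this-script.sh
if [ "${RUN_REFRESH:-0}" = 1 ]; then
    refresh_ecr_secret
fi
```

Schedule it well inside the 12-hour token lifetime, under an identity that can read from ECR and update secrets in the target namespace.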