#!/bin/bash
#
# Create a Kubernetes registry secret for an AWS ECR region
# Requires AWS CLI: https://aws.amazon.com/cli/
# Requires kubectl: https://coreos.com/kubernetes/docs/latest/configure-kubectl.html
#
#
# This secret can be referenced from 'imagePullSecrets' in a Kubernetes pod spec
#
# ...
# spec:
#   containers:
#   - name: busybox
#     image: busybox:latest
#   imagePullSecrets:
#   - name: us-west-2-ecr-registry
# ...
#
#
# When Kubernetes 1.3.0+ is released this approach should not be necessary
# This patch will allow Kubernetes to automatically cache cross-region AWS ECR tokens
# https://github.com/kubernetes/kubernetes/pull/24369
#
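# Stop on the first failure (including a failure inside the token pipeline) so
# a broken AWS call can never lead to the existing secret being deleted.
set -euo pipefail

# Registry coordinates: the AWS account that owns the ECR registry and its region.
ACCOUNT=555123456789
REGION=us-west-2
SECRET_NAME="${REGION}-ecr-registry"
REGISTRY_URL="https://${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com"

#
# Fetch token (which will expire in 12 hours)
#
# The decoded authorization token has the form "AWS:<password>"; everything
# after the first ':' is the registry password. The --query expression is
# quoted so the shell never treats its brackets as a glob pattern.
AUTH_B64=$(aws ecr --region="${REGION}" get-authorization-token \
  --output text \
  --query 'authorizationData[].authorizationToken')
TOKEN=$(printf '%s' "${AUTH_B64}" | base64 -d | cut -d: -f2-)

# Refuse to continue with an empty password: replacing a working secret with
# an unusable one would break image pulls until the next successful run.
if [[ -z "${TOKEN}" ]]; then
  printf 'error: empty ECR token for region %s; secret %s left untouched\n' \
    "${REGION}" "${SECRET_NAME}" >&2
  exit 1
fi

#
# Create or replace registry secret
#
# NOTE(review): delete-then-create leaves a short window in which the secret
# does not exist, and if the create fails the old secret is already gone.
# Where the installed kubectl supports it, rendering the secret with
# '--dry-run=client -o yaml' and piping it to 'kubectl apply -f -' avoids both.
#
# NOTE(review): --docker-password puts the token on kubectl's command line,
# where it may be visible in the local process list while the command runs.
# Run this on a host whose users are all trusted with the registry credential,
# and do not enable 'set -x' tracing around these commands.
#
# EMAIL is not set anywhere in this script; it is read from the caller's
# environment and passed as an empty string when unset.
kubectl delete secret --ignore-not-found "${SECRET_NAME}"
kubectl create secret docker-registry "${SECRET_NAME}" \
  --docker-server="${REGISTRY_URL}" \
  --docker-username=AWS \
  --docker-password="${TOKEN}" \
  --docker-email="${EMAIL:-}"
# end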