mirrors/talos-extensions
1
0
Fork 0
mirror of https://github.com/siderolabs/extensions.git synced 2025-08-05 22:07:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
main
talos-extensions/container-runtime/ecr-credential-provider
History
Mateusz Urbanek c66e678b2b
docs: add SBOM for container-runtimes 
Partial for #10940

Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
2025-07-23 16:16:54 +02:00
..
manifest.yaml feat: create 'ecr-credential-provider' extension 2023-11-13 23:16:47 +05:30
pkg.yaml docs: add SBOM for container-runtimes 2025-07-23 16:16:54 +02:00
README.md feat: create 'ecr-credential-provider' extension 2023-11-13 23:16:47 +05:30
vars.yaml feat: create 'ecr-credential-provider' extension 2023-11-13 23:16:47 +05:30

README.md

Kubelet ECR Credential Provider extension

This extension provides the ecr-credential-provider binary, which can be executed by Kubelet to provide a short-lived token for pulling container images from Amazon Web Services' Elastic Container Registry (ECR).

Installation

See Installing Extensions.

You also need to configure ecr-credential-provider as a Kubelet image credential provider. For this you'll need patch the machine config with the following:

machine:
  kubelet:
    credentialProviderConfig:
      apiVersion: kubelet.config.k8s.io/v1
      kind: CredentialProviderConfig
      providers:
        - name: ecr-credential-provider
          matchImages:
            - "*.dkr.ecr.*.amazonaws.com"
            - "*.dkr.ecr.*.amazonaws.com.cn"
            - "*.dkr.ecr-fips.*.amazonaws.com"
            - "*.dkr.ecr.us-iso-east-1.c2s.ic.gov"
            - "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov"
          defaultCacheDuration: "12h"
          apiVersion: credentialprovider.kubelet.k8s.io/v1

More Information