mirror of
https://github.com/siderolabs/extensions.git
synced 2025-08-07 06:47:17 +02:00
2f8e401d21
Issue: https://github.com/siderolabs/extensions/issues/241 Signed-off-by: Ströger Florian <stroeger@youniqx.com> Signed-off-by: Noel Georgi <git@frezbo.dev> |
||
|---|---|---|
| .. | ||
| manifest.yaml | ||
| pkg.yaml | ||
| README.md | ||
| vars.yaml | ||
Kubelet ECR Credential Provider extension
This extension provides the ecr-credential-provider binary, which can be executed by Kubelet to provide a short-lived token for pulling container images from Amazon Web Services' Elastic Container Registry (ECR).
Installation
You also need to configure ecr-credential-provider as a Kubelet image
credential provider. For this you'll need patch the machine config with the following:
machine:
kubelet:
credentialProviderConfig:
apiVersion: kubelet.config.k8s.io/v1
kind: CredentialProviderConfig
providers:
- name: ecr-credential-provider
matchImages:
- "*.dkr.ecr.*.amazonaws.com"
- "*.dkr.ecr.*.amazonaws.com.cn"
- "*.dkr.ecr-fips.*.amazonaws.com"
- "*.dkr.ecr.us-iso-east-1.c2s.ic.gov"
- "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov"
defaultCacheDuration: "12h"
apiVersion: credentialprovider.kubelet.k8s.io/v1