Score:0

How can you update the password for an AWS ECR repo in Kubernetes?


I created a private docker registry using AWS ECR. I want to use it with a Kubernetes cluster managed by Rancher, but the password to the registry is changed by AWS every 12 hours. How do I keep it updated as a secret in the cluster?

Score:1

The easiest way to create and update a docker-registry secret in Rancher 2.x for an AWS ECR repo is to set up a cron job that uses the AWS CLI and kubectl.

  • Log into the host machine where the cluster is running.
  • Install the AWS CLI and configure it to use an IAM role that can read the ECR credentials.
  • Test the CLI config using this command:

aws ecr --region <your_ecr's_region> get-login-password

  • Install kubectl and configure it with the yaml for the cluster in which you want to define the secret, then run a kubectl get pods to make sure it's all good.
  • Create a shell script like this (delete is necessary because for some reason there is no way to update/overwrite a secret):

#!/bin/sh
# Remove the old secret; --ignore-not-found keeps the first run from failing.
kubectl delete secret <name_of_the_docker_registry_secret> --ignore-not-found
# Recreate it with a fresh ECR password.
kubectl create secret docker-registry <name_of_the_docker_registry_secret> \
  --docker-server=<your_ecr_registry_uri> \
  --docker-username=AWS \
  --docker-password="$(aws ecr --region <your_ecr's_region> get-login-password)" \
  --docker-email=<your_notification_email>

  • Set up a cron job to run this shell script every 6 hours (AWS resets the password every 12, so just to be on the safe side).

The secret will show up in the default project for the cluster and will be used anytime Kubernetes wants to do something related to your ECR registry.
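
An added example (not part of the answer above, and not AWS or Rancher code): a variant of the refresh script that replaces the secret in place with `kubectl apply`, so pods never see a missing pull secret, and that hands the token to kubectl over stdin instead of a command-line argument. The variable names ECR_REGION, ECR_REGISTRY, SECRET_NAME and NAMESPACE are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example: refresh an ECR pull secret in place (no delete/create gap).
# ECR_REGION, ECR_REGISTRY, SECRET_NAME, NAMESPACE are assumed variable names.

# Build the .dockerconfigjson payload for user "AWS" and the given token.
# ECR tokens contain no quotes or backslashes, so no JSON escaping is done.
dockerconfigjson() {
    registry=$1
    token=$2
    auth=$(printf 'AWS:%s' "$token" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"AWS","password":"%s","auth":"%s"}}}' \
        "$registry" "$token" "$auth"
}

refresh_secret() {
    token=$(aws ecr --region "$ECR_REGION" get-login-password) || return 1
    # Refuse to overwrite a working secret with an empty credential.
    [ -n "$token" ] || { echo "empty ECR token" >&2; return 1; }
    # Render the Secret manifest client-side, then apply it: create or update.
    dockerconfigjson "$ECR_REGISTRY" "$token" |
        kubectl create secret generic "$SECRET_NAME" \
            --namespace "${NAMESPACE:-default}" \
            --type=kubernetes.io/dockerconfigjson \
            --from-file=.dockerconfigjson=/dev/stdin \
            --dry-run=client -o yaml |
        kubectl apply -f -
}

# Run only when configured, e.g. from cron with the variables exported.
if [ -n "${ECR_REGISTRY:-}" ]; then
    refresh_secret
fi
```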
