README
¶
Renew Kubernetes Docker secrets for AWS ECR
AWS Elastic Container Registry (ECR) provides a cost-effective private registry for your Docker containers. However, ECR Docker credentials expire every 12 hours.
To work around this, I created this small tool to automatically refresh the secret in Kubernetes. It deploys as a cron job and ensures that your Kubernetes cluster will always be able to pull Docker images from ECR.
Docker Images
The latest images are:
itzmanish/ecr-token-renew:latest
Environment Variables
The tool is mainly configured through environment variables. These are:
- AWS_ACCESS_KEY_ID (required): AWS access key used to create the Docker credentials.
- AWS_SECRET_ACCESS_KEY (required): AWS secret needed to fetch Docker credentials from AWS.
- AWS_REGION (required): The AWS region where your ECR instance is created.
- DOCKER_SECRET_NAME (required): The name of the Kubernetes secret where the Docker credentials are stored.
- TARGET_NAMESPACE (optional): Comma-separated list of namespaces.
A Docker secret is created in each of these.
If this environment variable is not set, a value of
defaultis assumed. - DOCKER_REGISTRIES (optional): Comma-separated list of registry URL.
If none is provided, the default URL returned from AWS is used.
- Example:
DOCKER_REGISTRIES=https://321321.dkr.ecr.us-west-2.amazonaws.com,https://123123.dkr.ecr.us-east-2.amazonaws.com
- Example:
Installing instruction
$ go install github.com/itzmanish/ecr-token-renew@latest
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.