ECR Secret Operator
Amazon Elastic Container Registry (ECR) private registry authentication provides a temporary authorization token that is valid for only 12 hours. This operator automatically refreshes the Amazon ECR authorization token before it expires, reducing the overhead of managing the authentication flow.
This operator contains two Custom Resources which direct the operator to generate/refresh the Amazon ECR authorization token in a timely manner:
How to use this operator
Prerequisites
- Create an ECR private repository
- Provide AWS Authentication to the operator. Two Options:
Install the operator
- Install the operator from operator hub community

Create the ECR Secret CRD
The operator creates a docker registry secret momentarily, and the token is patched every 10 hours.
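What such a secret holds and when it needs patching, as an added example that is not the operator's own code. It assumes the standard kubernetes.io/dockerconfigjson layout (the page does not show the operator's secret); the function names are hypothetical and the token and endpoint are constructed sample values.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = timedelta(hours=12)    # token validity stated on this page
REFRESH_INTERVAL = timedelta(hours=10)  # patch interval stated on this page


def docker_config_secret_data(authorization_token: str, proxy_endpoint: str) -> dict:
    """Return the `data` map of a kubernetes.io/dockerconfigjson Secret."""
    # An ECR authorization token is base64("AWS:<password>").
    decoded = base64.b64decode(authorization_token, validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if sep != ":" or username != "AWS" or not password:
        raise ValueError("unexpected token format, expected base64('AWS:<password>')")
    # Image references carry no scheme, so the auths key must not either.
    registry = proxy_endpoint.split("://", 1)[-1].rstrip("/")
    config = {"auths": {registry: {"username": username,
                                   "password": password,
                                   "auth": authorization_token}}}
    payload = json.dumps(config).encode("utf-8")
    # Values under a Secret's `data` field are base64-encoded.
    return {".dockerconfigjson": base64.b64encode(payload).decode("ascii")}


def refresh_due(issued_at: datetime, now: datetime) -> bool:
    """True once the secret should be patched with a fresh token."""
    return now - issued_at >= REFRESH_INTERVAL


def token_expired(issued_at: datetime, now: datetime) -> bool:
    """True once registry logins with this token start failing."""
    return now - issued_at >= TOKEN_LIFETIME


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    token = base64.b64encode(b"AWS:constructed-sample-password").decode("ascii")
    endpoint = "https://123456789012.dkr.ecr.us-east-1.amazonaws.com"
    issued = datetime(2024, 1, 1, tzinfo=timezone.utc)
    print(json.dumps(docker_config_secret_data(token, endpoint), indent=2))
    for hours in (9, 10, 12):
        now = issued + timedelta(hours=hours)
        print(hours, refresh_due(issued, now), token_expired(issued, now))
```

Patching at 10 hours leaves a two-hour margin before the 12-hour token stops working, so a single failed refresh can be retried before builds start failing.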
A sample build process with generated secret
Link the secret to builder
Configure build config to point to your ECR Container repository
The build should succeed and push the image to the private ECR Container repository

Create the ECR Secret Argo CD Helm Repo CRD
- OpenShift GitOps is installed
- Helm chart stored in ECR test repo
- Create the Helm Repo CRD
- Create a sample GitOps application
The ArgoCD application should sync with ECR helm chart successfully

Create IAM user and Policy
Note: These are sample commands. Please fill in your own resource parameters, e.g. ARN.
- Create the policy
- Create a user and access key and attach the policy
Note: Save the access key ID and key for later use.
Create STS Assume Role
Note: These are sample commands. Please fill in your own resource parameters, e.g. ARN.
- Prerequisites
- Setup Environment Variables
- Create the policy