[英]How to authenticate into AWS ECR in Kubernetes Yaml
我有以下pod.yaml
文件,它簡單地描述了 Kubernetes pod 的創建:
apiVersion: v1
kind: Pod
metadata:
name: dotnet-console-producer-poc.pod
labels:
app: helloworld
spec:
containers:
- name: dotnet-console-producer-pod
image: 442285873998.dkr.ecr.us-east-1.amazonaws.com/dotnet-console-producer-benchmark-docker:latest
ports:
- containerPort: 8001
引用的圖像位於 AWS ECR ( 442285873998.dkr.ecr.us-east-1.amazonaws.com/dotnet-console-producer-benchmark-docker:latest
) 中。
運行創建資源命令 ( kubectl create -f pod.yaml
) 時,pod 已創建,但由於無法從 AWS ECR 訪問映像而崩潰。 Kubernetes錯誤如下圖所示:
Failed to pull image "442285873998.dkr.ecr.us-east-1.amazonaws.com/mcflow-dotnet-console-producer-benchmark-docker:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 442285873998.dkr.ecr.us-east-1.amazonaws.com/mcflow-dotnet-console-producer-benchmark-docker, repository does not exist or may require 'docker login': denied: User: arn:aws:sts::607546651489:assumed-role/nodes.dev.vet-dev.digitalecp.mcd.com/i-055276c817ba7a096 is not authorized to perform: ecr:BatchGetImage on resource: arn:aws:ecr:us-east-1:442285873998:repository/mcflow-dotnet-console-producer-benchmark-docker
我的 Kubernetes 實例正在 EC2 實例上運行。 如何在 ECR 中進行身份驗證,以便 Kubernetes 可以檢索圖像並在 pod 中運行它?
我們創建了一個 Helm 圖表來解決這個問題,希望對您有所幫助 - https://github.com/relizaio/helm-charts/#1-ecr-regcred
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.