optiopay / klar

Integration of Clair and Docker Registry
MIT License

ECR Role integration #75

Closed JamesWojewoda closed 6 years ago

JamesWojewoda commented 6 years ago

Currently utilizing klar, and would love to run it hand in hand with something such as amazon-ecr-credential-helper. With this you can utilize a role associated with your node that gives it permissions to access ECR without having to refederate with ecr get-login, for example. However, you currently have to use docker user aws/docker password. Is there any way to bypass this?

hashmap commented 6 years ago

Currently Klar doesn't rely on docker at all; in fact, you don't even need docker to be installed on the host. As a result, it doesn't use .docker/config.json (see https://github.com/optiopay/klar/issues/18) and can't use the docker credential helper.

JamesWojewoda commented 6 years ago

Is there a way to utilize IAM roles however? (Sorry, should have rephrased my question more clearly). This would be important for security so there aren't tokens being passed to my container running klar in k8s, and it can utilize the IAM role for permissions to access the ECS repo.

hashmap commented 6 years ago

My IAM skills are a bit rusty, but do I understand correctly that you want to run klar in a VM owned by an IAM user and don't specify the user token? Should work for some AWS services, not sure about docker registry. Easier to just test, would be interesting to know if it works.

hashmap commented 6 years ago

Closing for now, feel free to reopen.
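
An added example, not part of the thread or of the klar project: a wrapper that uses whatever credentials the AWS CLI resolves (the node's IAM role when no keys are configured) to fetch a short-lived ECR token at scan time, so no registry password is stored in the pod spec. It assumes the AWS CLI and klar are on PATH and that klar reads registry credentials from the `DOCKER_USER` and `DOCKER_PASSWORD` environment variables; `split_ecr_token` and `scan_with_role` are hypothetical names.

```shell
#!/bin/sh
# Added example: trade the node's IAM role for a short-lived ECR token
# and hand it to klar for one scan. Nothing is written to disk.

# An ECR authorization token is base64 of "AWS:<password>".
# Split it into ECR_USER and ECR_PASSWORD; fail on malformed input.
split_ecr_token() {
    ECR_USER='' ECR_PASSWORD=''
    _decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    case "$_decoded" in
        *:?*) ;;            # needs a colon followed by a non-empty password
        *) return 1 ;;
    esac
    ECR_USER=${_decoded%%:*}      # text before the first colon
    ECR_PASSWORD=${_decoded#*:}   # everything after the first colon
    unset _decoded
    [ -n "$ECR_USER" ]
}

# Fetch a token using the ambient role credentials, then run klar with the
# credentials set only in that one process's environment.
scan_with_role() {
    _image=$1
    _token=$(aws ecr get-authorization-token \
        --query 'authorizationData[0].authorizationToken' \
        --output text) || return 1
    split_ecr_token "$_token" || return 1
    unset _token
    # Assumption: klar takes registry credentials from these two variables.
    DOCKER_USER=$ECR_USER DOCKER_PASSWORD=$ECR_PASSWORD klar "$_image"
}

# Run a scan only when an image reference is given on the command line.
if [ "$#" -ge 1 ]; then
    scan_with_role "$1"
fi
```

The role attached to the node needs `ecr:GetAuthorizationToken` plus pull permissions on the repository; the token it returns expires after 12 hours, so fetch it per scan rather than caching it.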