upmc-enterprises / registry-creds

Allow for AWS ECR, Google Registry, & Azure Container Registry credentials to be refreshed inside your Kubernetes cluster via ImagePullSecrets

Attempting to get working #74

Open andrewjkrull opened 5 years ago

andrewjkrull commented 5 years ago
  1. What is the correct entry in the secrets.yml file for aws-assume-role if I am not using it? aws-assume-role: ""

  2. Why is AWS_SESSION_TOKEN in secrets.yml file twice? One is showing a value and the other isn't?

  3. What is the value for using the Docker private for imagePullSecrets?

  4. I deploy the secrets.yml file and then the replicationController, but the replicator can't seem to get the image upmcenterprises/registry-creds pulled into Kube. I can pull it locally to the node.


```
Namespace:    kube-system
Selector:     name=registry-creds,version=v1.9
Labels:       version=v1.6
Annotations:  <none>
Replicas:     1 current / 1 desired
Pods Status:  0 Running / 1 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:  name=registry-creds
           version=v1.9
  Containers:
   registry-creds:
    Image:      upmcenterprises/registry-creds:1.9
    Port:       <none>
    Host Port:  <none>
    Environment:
      AWS_ACCESS_KEY_ID:                 <set to the key 'AWS_ACCESS_KEY_ID' in secret 'registry-creds-ecr'>                 Optional: false
      AWS_SECRET_ACCESS_KEY:             <set to the key 'AWS_SECRET_ACCESS_KEY' in secret 'registry-creds-ecr'>             Optional: false
      awsaccount:                        <set to the key 'aws-account' in secret 'registry-creds-ecr'>                       Optional: false
      awsregion:                         <set to the key 'aws-region' in secret 'registry-creds-ecr'>                        Optional: false
      aws_assume_role:                   <set to the key 'aws-assume-role' in secret 'registry-creds-ecr'>                   Optional: false
      DOCKER_PRIVATE_REGISTRY_PASSWORD:  <set to the key 'DOCKER_PRIVATE_REGISTRY_PASSWORD' in secret 'registry-creds-dpr'>  Optional: false
      DOCKER_PRIVATE_REGISTRY_SERVER:    <set to the key 'DOCKER_PRIVATE_REGISTRY_SERVER' in secret 'registry-creds-dpr'>    Optional: false
      DOCKER_PRIVATE_REGISTRY_USER:      <set to the key 'DOCKER_PRIVATE_REGISTRY_USER' in secret 'registry-creds-dpr'>      Optional: false
    Mounts:
      /root/.config/gcloud from gcr-creds (ro)
  Volumes:
   gcr-creds:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  registry-creds-gcr
    Optional:    false
Events:
  Type    Reason            Age   From                    Message
  ----    ------            ----  ----                    -------
  Normal  SuccessfulCreate  45s   replication-controller  Created pod: registry-creds-24kfm
```

I am really hoping to be able to use this tool and standardize on docker registry interactions.

Thank you for making this tool.

nvanheuverzwijn commented 5 years ago

I would recommend that you use this Helm chart: https://hub.helm.sh/charts/kir4h/registry-creds

The awsAssumeRole should be the ARN: arn:aws:iam::611542441284:role/yourrolename

The imagePullSecrets should be registry-creds-dpr for docker registry.