Open mimmus opened 1 year ago
Hi @mimmus,
the secret is created automatically by the operator, so you do not need to modify your manifests. Only the secret that contains the AWS access (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) need to be created by you. and it can be in any namespace For example, in your case, something like this should do:
apiVersion: aws.zakariaamine.com/v1alpha1
kind: AWSECRCredential
metadata:
name: my-ecr-credentials
spec:
awsAccess:
secretName: aws-access
namespace: default
secretName: ecr-secret
namespaces:
- YOUR_APP_NAMESPACE
- YOUR_APP_NAMESPACE_2
then a docker registry secret with the name ecr-secret
will be created and automatically refreshed in YOUR_APP_NAMESPACE and YOUR_APP_NAMESPACE_2
Is it currently maintained?
Yes. I am not adding any new features at the moment, but I am keeping up with the golang updates to mitigate any vulnerabilities.
At this point, we would need only some type of "blacklist" for namespaces, to exclude a specific list.
Thanks
If I undertand well, you would like the ability to specify which namespaces to exclude from the list, instead of having to list namespaces one by one. This should be doable, but may need some more events handling. For example, when a new namespace is created. TBH, I don't have enough bandwidth at the moment, so this may take a while.
Yes, having an operator automatically injecting the Secret in every namespace except the system ones would be great!
Hi, I'm looking for a moderately sophisticated operator to manage ECR authentication on our Kubernetes (non-EKS) clusters. What is the status of your project? Is it currently maintained?
I was not able to understand if it automatically adds (by a webhook):
to new deployments/pods (or serviceaccounts) or I need to modify my applications.
Thanks