zak905 / kube-ecr-secrets-operator

Kubernetes Operator for managing AWS ECR (Elastic Container Registry) secrets

Current status of this project #1

Open mimmus opened 1 year ago

mimmus commented 1 year ago

Hi, I'm looking for a moderately sophisticated operator to manage ECR authentication on our Kubernetes (non-EKS) clusters. What is the status of your project? Is it currently maintained?

I was not able to understand if it automatically adds (by a webhook):

imagePullSecrets:
  - name: ecr-secret

to new deployments/pods (or serviceaccounts) or I need to modify my applications.

Thanks

zak905 commented 1 year ago

Hi @mimmus,

the secret is created automatically by the operator, so you do not need to modify your manifests. Only the secret that contains the AWS access (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) needs to be created by you, and it can be in any namespace. For example, in your case, something like this should do:

apiVersion: aws.zakariaamine.com/v1alpha1
kind: AWSECRCredential
metadata:
  name: my-ecr-credentials
spec:
  awsAccess:
    secretName: aws-access
    namespace: default
  secretName: ecr-secret
  namespaces:
    - YOUR_APP_NAMESPACE
    - YOUR_APP_NAMESPACE_2

then a docker registry secret with the name ecr-secret will be created and automatically refreshed in YOUR_APP_NAMESPACE and YOUR_APP_NAMESPACE_2.

Is it currently maintained?

Yes. I am not adding any new features at the moment, but I am keeping up with the golang updates to mitigate any vulnerabilities.
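What the "docker registry secret" created in each target namespace actually contains, and what "automatically refreshed" has to mean for an ECR token, as an added example in Go that is not the project's own code: it turns an ECR authorization into the kubernetes.io/dockerconfigjson payload of a pull secret and decides when a renewal is due. The token shape (base64 of AWS:<password>), the registry host taken from the proxy endpoint and the roughly 12-hour lifetime follow ECR's GetAuthorizationToken API; the struct and function names, the refresh margin, the account ID and the sample token are assumptions, and the operator's real implementation may differ.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// ecrAuthorization mirrors what a caller gets back from ECR's
// GetAuthorizationToken API: a base64 "AWS:<password>" token, the registry
// endpoint it is valid for, and its expiry (about 12 hours after issue).
// Field names are this example's own, not the project's.
type ecrAuthorization struct {
	AuthorizationToken string
	ProxyEndpoint      string
	ExpiresAt          time.Time
}

// dockerConfigJSON is the shape of ~/.docker/config.json, which is exactly
// what a kubernetes.io/dockerconfigjson Secret stores under .dockerconfigjson.
type dockerConfigJSON struct {
	Auths map[string]dockerAuthEntry `json:"auths"`
}

type dockerAuthEntry struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Auth     string `json:"auth"` // base64("username:password"); what kubelet reads
}

// buildDockerConfig converts an ECR authorization into the JSON document for
// the Secret. It rejects anything that is not "AWS:<password>" so a malformed
// or foreign token never ends up distributed to application namespaces.
func buildDockerConfig(auth ecrAuthorization) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(auth.AuthorizationToken)
	if err != nil {
		return nil, fmt.Errorf("decode authorization token: %w", err)
	}
	user, pass, ok := strings.Cut(string(raw), ":")
	if !ok || user != "AWS" || pass == "" {
		return nil, errors.New("authorization token is not in AWS:<password> form")
	}
	u, err := url.Parse(auth.ProxyEndpoint)
	if err != nil || u.Host == "" {
		return nil, fmt.Errorf("invalid proxy endpoint %q", auth.ProxyEndpoint)
	}
	cfg := dockerConfigJSON{Auths: map[string]dockerAuthEntry{
		u.Host: {Username: user, Password: pass, Auth: base64.StdEncoding.EncodeToString(raw)},
	}}
	return json.Marshal(cfg)
}

// pullSecretManifest wraps the docker config in the Secret object an operator
// would create or update in a target namespace. Secret data values are base64
// in the API representation, hence the second encoding.
func pullSecretManifest(name, namespace string, auth ecrAuthorization) (map[string]any, error) {
	cfg, err := buildDockerConfig(auth)
	if err != nil {
		return nil, err
	}
	return map[string]any{
		"apiVersion": "v1",
		"kind":       "Secret",
		"metadata":   map[string]any{"name": name, "namespace": namespace},
		"type":       "kubernetes.io/dockerconfigjson",
		"data":       map[string]string{".dockerconfigjson": base64.StdEncoding.EncodeToString(cfg)},
	}, nil
}

// needsRefresh decides whether the token must be renewed now. Renewing only at
// expiry is too late (a pod scheduled in the last minute would pull with a dead
// credential), so a safety margin is subtracted from the expiry time.
func needsRefresh(expiresAt, now time.Time, margin time.Duration) bool {
	return !now.Before(expiresAt.Add(-margin))
}

func main() {
	// Constructed sample; not a real ECR response, account or password.
	issued := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	sample := ecrAuthorization{
		AuthorizationToken: base64.StdEncoding.EncodeToString([]byte("AWS:example-ecr-password")),
		ProxyEndpoint:      "https://123456789012.dkr.ecr.us-east-1.amazonaws.com",
		ExpiresAt:          issued.Add(12 * time.Hour),
	}
	manifest, err := pullSecretManifest("ecr-secret", "YOUR_APP_NAMESPACE", sample)
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(manifest, "", "  ")
	fmt.Println(string(out))
	fmt.Println("refresh due 11h after issue:", needsRefresh(sample.ExpiresAt, issued.Add(11*time.Hour), time.Hour))
}
```

To inspect what the operator wrote on a real cluster, decode the same key: `kubectl get secret ecr-secret -n YOUR_APP_NAMESPACE -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d`. Note that Kubernetes only uses a registry secret that a pod lists under imagePullSecrets or that is attached to the pod's ServiceAccount; the thread does not say whether the operator touches either, so check that on your cluster before relying on it.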

mimmus commented 1 year ago

At this point, we would need only some type of "blacklist" for namespaces, to exclude a specific list.

Thanks

zak905 commented 1 year ago

If I understand correctly, you would like the ability to specify which namespaces to exclude from the list, instead of having to list namespaces one by one. This should be doable, but may need some more event handling. For example, when a new namespace is created. TBH, I don't have enough bandwidth at the moment, so this may take a while.

mimmus commented 1 year ago

Yes, having an operator automatically injecting the Secret in every namespace except the system ones would be great!
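The exclusion list discussed above is not a feature of the project. As an added example, not the project's code, this Go snippet sketches the selection logic such a feature would need: either an explicit list of namespaces (what the current spec does) or an exclude list of glob patterns applied to every namespace, with the system namespaces always left out, plus the two reconciliation paths the reply points at: a newly created namespace, and a spec change that must also remove secrets from namespaces that are now excluded. All type, field and function names are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"sort"
)

// Watch event kinds a namespace controller would receive.
const (
	NamespaceAdded   = "added"
	NamespaceDeleted = "deleted"
)

// Action is what the reconciler decides to do for one namespace.
type Action struct {
	Namespace string
	Op        string // "create-secret" or "delete-secret"
}

// namespaceSelector is the hypothetical spec: Include is the explicit list
// (today's behaviour); when it is empty, Exclude is applied to all namespaces.
type namespaceSelector struct {
	Include []string // explicit allow-list; when non-empty, Exclude is ignored
	Exclude []string // glob patterns in path.Match syntax, e.g. "kube-*"
}

// systemNamespaces are always excluded in exclusion mode, whatever the user lists.
var systemNamespaces = []string{"kube-system", "kube-public", "kube-node-lease"}

func matchAny(patterns []string, ns string) bool {
	for _, p := range patterns {
		if ok, err := path.Match(p, ns); err == nil && ok {
			return true
		}
	}
	return false
}

// Selects reports whether a namespace should receive the pull secret.
func (s namespaceSelector) Selects(ns string) bool {
	if len(s.Include) > 0 {
		for _, n := range s.Include {
			if n == ns {
				return true
			}
		}
		return false
	}
	return !matchAny(systemNamespaces, ns) && !matchAny(s.Exclude, ns)
}

// Targets computes the full target set from a snapshot of all namespaces.
func (s namespaceSelector) Targets(all []string) []string {
	var out []string
	for _, ns := range all {
		if s.Selects(ns) {
			out = append(out, ns)
		}
	}
	sort.Strings(out)
	return out
}

// Reconcile handles one namespace watch event. Only creation needs work:
// a deleted namespace takes its secret with it.
func (s namespaceSelector) Reconcile(event, ns string) (Action, bool) {
	if event == NamespaceAdded && s.Selects(ns) {
		return Action{Namespace: ns, Op: "create-secret"}, true
	}
	return Action{}, false
}

// Diff is the spec-change path: when the selector is edited, secrets must be
// created where a namespace becomes selected and deleted where it stops being
// selected, otherwise an excluded namespace keeps a live registry credential.
func Diff(prev, next namespaceSelector, all []string) []Action {
	var acts []Action
	for _, ns := range all {
		was, now := prev.Selects(ns), next.Selects(ns)
		switch {
		case now && !was:
			acts = append(acts, Action{Namespace: ns, Op: "create-secret"})
		case was && !now:
			acts = append(acts, Action{Namespace: ns, Op: "delete-secret"})
		}
	}
	return acts
}

func main() {
	// Constructed namespace snapshot; names are illustrative only.
	all := []string{"default", "kube-system", "monitoring", "cattle-system", "app-a", "kube-public"}
	sel := namespaceSelector{Exclude: []string{"monitoring", "cattle-*"}}
	fmt.Println("targets:", sel.Targets(all))
	fmt.Println(sel.Reconcile(NamespaceAdded, "app-b"))
	fmt.Println(Diff(sel, namespaceSelector{Exclude: []string{"app-*"}}, all))
}
```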