K
Q

Unable to use the image ( in ECR ) in K8S cluster

11/14/2017

I am trying to pull the image from the ECR repository inside the Kubernetes cluster, but I am not able to do this.

I tried creating a secret and updated in the pod file, but I am not able to do this I am getting an error "no basic auth credentials".

Please can anyone give me the step by step instructions to pull the image from a ECR repository inside the Kubernetes cluster.

-- harish
amazon-web-services
docker
docker-compose
dockerfile
kubernetes

Similar Questions

Persistent Volume claims attached to deployment throws an error when deployment image is updated
helm install --name=mariadb ./mariadb --namespace=openstack is not running
Azure Container Service Kubernetes: How to Change VM Size?
Need help on volume mount issue with kubernetes

2 Answers

1/28/2018

Your problem may be caused by the fact that ECR credentials work only for 12 hours, so maybe you are trying to use expired credentials.

I recommend you to have a look at upmc-enterprises/registry-creds. This tool can be installed on your cluster and automatically refresh ECR/GCR credentials before they expire.

-- Alik Khilazhev
Source: StackOverflow
3/14/2019

Alternatively, you can assign an IAM role to the nodes of your cluster to pull the images from ECR. Please find below an example role to pull images from ECR.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "*"
    }
  ]
}
-- Razan Paul
Source: StackOverflow