I'm new to on-premise Kubernetes clusters, and am having a hard time accessing AWS services such as ECR (as all my images are in ECR). Is there a way to authenticate and authorize an on-premise Kubernetes cluster to AWS?
What you need is to set up proper IAM policy permissions to access your ECR registry.
The Amazon EKS worker node IAM role (NodeInstanceRole) that you use with your worker nodes must possess the following IAM policy permissions for Amazon ECR.
Here's an example:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:BatchCheckLayerAvailability",
                "ecr:BatchGetImage",
                "ecr:GetDownloadUrlForLayer",
                "ecr:GetAuthorizationToken"
            ],
            "Resource": "*"
        }
    ]
}
You can read more here about repository policies.
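An added example, not part of the original answer: a small audit that checks a policy document for the four pull actions above and reports which of them are granted on `"Resource": "*"` although they could be limited to a repository ARN (`ecr:GetAuthorizationToken` is the only one of the four that has to stay on `*`). The function names, the account ID, region and repository name are constructed placeholders.

```python
import fnmatch

# Pull-only actions listed in the answer's policy.
PULL_ACTIONS = [
    "ecr:BatchCheckLayerAvailability",
    "ecr:BatchGetImage",
    "ecr:GetDownloadUrlForLayer",
    "ecr:GetAuthorizationToken",
]
# GetAuthorizationToken has no resource-level permissions; the other three do.
NEEDS_STAR = {"ecr:GetAuthorizationToken"}

def _as_list(value):
    # IAM allows a single string or object where a list is also accepted.
    return value if isinstance(value, list) else [value]

def audit_ecr_pull_policy(policy):
    """Return (missing, overbroad). Simplified: only Allow statements with
    Action/Resource are read; Deny, NotAction and Condition are ignored."""
    allowed, overbroad = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        for action in PULL_ACTIONS:
            # IAM action names are case-insensitive and may use * and ? wildcards.
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                allowed.add(action)
                if "*" in resources and action not in NEEDS_STAR:
                    overbroad.add(action)
    missing = [a for a in PULL_ACTIONS if a not in allowed]
    return missing, sorted(overbroad)

def scoped_pull_policy(repo_arn):
    """Same permissions, with the three image actions limited to one repository."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
        {"Effect": "Allow",
         "Action": [a for a in PULL_ACTIONS if a not in NEEDS_STAR],
         "Resource": repo_arn},
    ]}

# Constructed samples: the answer's policy and a placeholder repository ARN.
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": PULL_ACTIONS, "Resource": "*"}]}
EXAMPLE_ARN = "arn:aws:ecr:us-east-1:111122223333:repository/example-repo"
```

Running `audit_ecr_pull_policy(ANSWER_POLICY)` reports no missing actions and three that can be narrowed; the policy from `scoped_pull_policy(EXAMPLE_ARN)` passes with neither.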