K
Q

How to enable access from on-premise kubernetes to AWS?

9/7/2020

I'm new to on-premise kubernetes cluster, and am having hard time accessing the AWS services such as ECR. (As all my images are in ECR) Is there a way to authenticate and authorize on-premise kubernetes cluster to AWS?

-- Piljae Chae
amazon-web-services
kubernetes

Similar Questions

Kubernetes Nginx many small pods vs one pod per node
kubernetes: Difference between whats requested and allocated by Docker
Execute MySQL Command in Kubernetes POD
How do I correctly setup Gitlab CI for Google cloud with SQL
Ansible: Obtain api_token from gce_container_cluster

1 Answer

9/7/2020

What you need is to setup proper IAM policy permission to access your ECR registry.

The Amazon EKS worker node IAM role (NodeInstanceRole) that you use with your worker nodes must possess the following IAM policy permissions for Amazon ECR.

Here`s an example: 

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "ecr:BatchCheckLayerAvailability",
            "ecr:BatchGetImage",
            "ecr:GetDownloadUrlForLayer",
            "ecr:GetAuthorizationToken"
        ],
        "Resource": "*"
    }
]

}

You can read more here about repository policies.

-- acid_fuji
Source: StackOverflow