The preparations described below are required to install Usage Engine using Helm charts and Docker images. Read through the steps below and follow each step before installing.
...
Copy the below content in a yaml file and make sure to update the namespaces and access keys.
This example update The yaml code below updates the secret ecr-cred every 8 hours in the given namespace.
...
Code Block |
---|
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ecr-credentials-sync
namespace: <your namespace>
rules:
- apiGroups: [""]
resources:
- secrets
verbs:
- get
- create
- patch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ecr-credentials-sync
namespace: <your namespace>
subjects:
- kind: ServiceAccount
name: ecr-credentials-sync
roleRef:
kind: Role
name: ecr-credentials-sync
apiGroup: ""
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ecr-credentials-sync
namespace: <your namespace>
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: ecr-credentials-sync
namespace: <your namespace>
spec:
suspend: false
schedule: 0 */8 * * *
failedJobsHistoryLimit: 1
successfulJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
serviceAccountName: ecr-credentials-sync
restartPolicy: Never
volumes:
- name: token
emptyDir:
medium: Memory
initContainers:
- image: amazon/aws-cli
name: get-token
imagePullPolicy: IfNotPresent
env:
- name: AWS_ACCESS_KEY_ID
value: <access key provided by Digitalroute>
- name: AWS_SECRET_ACCESS_KEY
value: <secret access key provided by Digitalroute>
- name: REGION
value: eu-west-1
volumeMounts:
- mountPath: /token
name: token
command:
- /bin/sh
- -ce
- aws ecr get-login-password --region ${REGION} > /token/ecr-token
containers:
- image: bitnami/kubectl
name: create-secret
imagePullPolicy: IfNotPresent
env:
- name: SECRET_NAME
value: ecr-cred
volumeMounts:
- mountPath: /token
name: token
command:
- /bin/sh
- -ce
- |-
kubectl create secret docker-registry $SECRET_NAME \
--dry-run=client \
--docker-server=https://462803626708.dkr.ecr.eu-west-1.amazonaws.com \
--docker-username=AWS \
--docker-password="$(cat /token/ecr-token)" \
-o yaml | kubectl apply -f -
|
Code Block |
---|
$ touch cronjob-k8s-ecr-secret.yaml // paste the above code in the file. $ kubectl apply -f cronjob-k8s-ecr-secret.yaml |