Versions Compared

Old Version 10

changes.mady.by.user Johan Olsson

Saved on

compared with

New Version 11

changes.mady.by.user Johan Olsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The preparations described below are required to install Usage Engine using Helm charts and Docker images. Read through the steps below and follow each step before installing.

...

Copy the below content in a yaml file and make sure to update the namespaces and access keys.

This example update The yaml code below updates the secret ecr-cred every 8 hours in the given namespace.

...

Code Block
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ecr-credentials-sync
  namespace: <your namespace>
rules:
- apiGroups: [""]
  resources:
  - secrets
  verbs:
  - get
  - create
  - patch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ecr-credentials-sync
  namespace: <your namespace>
subjects:
- kind: ServiceAccount
  name: ecr-credentials-sync
roleRef:
  kind: Role
  name: ecr-credentials-sync
  apiGroup: ""
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ecr-credentials-sync
  namespace: <your namespace>
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: ecr-credentials-sync
  namespace: <your namespace>
spec:
  suspend: false
  schedule: 0 */8 * * *
  failedJobsHistoryLimit: 1
  successfulJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: ecr-credentials-sync
          restartPolicy: Never
          volumes:
          - name: token
            emptyDir:
              medium: Memory
          initContainers:
          - image: amazon/aws-cli
            name: get-token
            imagePullPolicy: IfNotPresent
            env:
 			- name: AWS_ACCESS_KEY_ID
			  value: <access key provided by Digitalroute>
			- name: AWS_SECRET_ACCESS_KEY
			  value: <secret access key provided by Digitalroute>
            - name: REGION
              value: eu-west-1
            volumeMounts:
            - mountPath: /token
              name: token
            command:
            - /bin/sh
            - -ce
            - aws ecr get-login-password --region ${REGION} > /token/ecr-token
          containers:
          - image: bitnami/kubectl
            name: create-secret
            imagePullPolicy: IfNotPresent
            env:
            - name: SECRET_NAME
              value: ecr-cred
            volumeMounts:
            - mountPath: /token
              name: token
            command:
            - /bin/sh
            - -ce
            - |-
              kubectl create secret docker-registry $SECRET_NAME \
                --dry-run=client \
                --docker-server=https://462803626708.dkr.ecr.eu-west-1.amazonaws.com \
                --docker-username=AWS \
                --docker-password="$(cat /token/ecr-token)" \
                -o yaml | kubectl apply -f -



Code Block
$ touch cronjob-k8s-ecr-secret.yaml
// paste the above code in the file.
$ kubectl apply -f cronjob-k8s-ecr-secret.yaml