search
Bonsai (0.13) DocsGitHubDiscord CommunityGarden Enterprise

AWS

hashtag
Setting up an ECR registry

Follow this guidearrow-up-right to create a private ECR registry on AWS.

Then follow this guidearrow-up-right to create an image pull secret so that your cluster can pull images from your registry.

Make note of the ImagePullSecret name and namespace.

hashtag
Enabling in-cluster building

For AWS ECR (Elastic Container Registry), you need to enable the ECR credential helper once for the repository by adding an imagePullSecret for you ECR repository.

First create a config.json somewhere with the following contents (<aws_account_id> and <region> are placeholders that you need to replace for your repo):

{
  "credHelpers": {
    "<aws_account_id>.dkr.ecr.<region>.amazonaws.com": "ecr-login"
  }
}

Next create the imagePullSecret in your cluster (feel free to replace the default namespace, just make sure it's correctly referenced in the config below):

kubectl --namespace default create secret generic ecr-config \
  --from-file=.dockerconfigjson=./config.json \
  --type=kubernetes.io/dockerconfigjson

Make note of the ImagePullSecret name and namespace.

hashtag
Configuring Access

To grant your service account the right permission to push to ECR, add this policy to each of the repositories in the container registry that you want to use with in-cluster building:

To grant developers permission to push and pull directly from a repository, see the AWS documentationarrow-up-right.

Previous2. Configure Container RegistryNextGCP

Last updated

Was this helpful?