Created
April 18, 2018 21:38
AWS registry proxy config operator job
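# Creates aws registry credentials for the first time
# https://medium.com/@xynova/keeping-aws-registry-pull-credentials-fresh-in-kubernetes-2d123f581ca6
#
# One-shot Job: fetches an ECR login token, writes it into the "aws-registry"
# image pull secret, renders the registry proxy config from a template,
# stores it in the "aws-registry-proxy-config" ConfigMap and restarts the
# proxy Deployment so it picks up the new config.
# ECR login tokens are short-lived (12 hours), so this Job only seeds the
# credentials; something else has to repeat these steps on a schedule.
apiVersion: batch/v1
kind: Job
metadata:
  name: aws-registry-credential-job
spec:
  # The script exits non-zero on any failed step, so a failed run is retried
  # up to this many times.
  backoffLimit: 4
  template:
    spec:
      # The script writes a Secret and a ConfigMap and patches a Deployment.
      # NOTE(review): the RBAC bound to "operator" is not shown here; confirm
      # it is limited to those named resources in this namespace.
      serviceAccountName: operator
      terminationGracePeriodSeconds: 0
      restartPolicy: Never
      volumes:
      - name: config-tpl
        configMap:
          defaultMode: 420   # decimal form of octal 0644
          name: aws-registry-proxy-tpl
      containers:
      - name: kubectl
        # NOTE(review): a mutable ":latest" tag pulled on every run means
        # whatever is currently published under this tag executes with the
        # "operator" service account and the AWS credentials available to
        # the pod. Pin to a reviewed digest
        # (xynova/aws-kubectl@sha256:<DIGEST_PLACEHOLDER>) or a mirrored copy.
        imagePullPolicy: Always
        image: xynova/aws-kubectl:latest
        volumeMounts:
        - mountPath: /tmp/tpl
          name: config-tpl
        command:
        - "/bin/sh"
        - "-c"
        - |
          # Stop at the first failing step or unset variable, so a broken run
          # never overwrites working credentials with empty ones.
          # Do not add `set -x`: it would print the registry password to the
          # pod log.
          set -eu

          # Placeholder: replace with the 12-digit AWS account id that owns
          # the registry.
          REGISTRY_ID=<XXXXXXXXXXXX>
          DOCKER_USER=AWS

          # `aws ecr get-login` prints a full `docker login ...` command line;
          # field 6 is the password.
          # NOTE(review): AWS CLI v2 removed `get-login` in favour of
          # `get-login-password`; check which CLI version the image ships.
          DOCKER_PASSWORD=$(aws ecr get-login --region ap-southeast-2 --registry-ids "$REGISTRY_ID" | cut -d' ' -f6)

          # The pipeline's status is that of `cut`, so a failed `aws` call
          # only shows up as an empty value; check for it explicitly.
          if [ -z "$DOCKER_PASSWORD" ]; then
            printf '%s\n' "aws ecr get-login returned no password; existing credentials left untouched" >&2
            exit 1
          fi

          # Exported for the gomplate step below.
          # NOTE(review): presumably the template reads these two variables;
          # the template itself is not shown here.
          export DOCKER_REGISTRY_SERVER="https://$REGISTRY_ID.dkr.ecr.ap-southeast-2.amazonaws.com"
          export REGISTRY_BASICAUTH="$DOCKER_USER:$DOCKER_PASSWORD"

          # UPDATE pull-secrets
          # The password is passed on argv, so it is visible in the
          # container's process table while kubectl runs.
          # NOTE(review): the e-mail argument was redacted by the hosting
          # page's address obfuscation (it appeared as "[email protected]");
          # it is assumed to have been a --docker-email flag and the value
          # below is a placeholder.
          kubectl create secret docker-registry aws-registry --dry-run --validate=false -o yaml \
            --docker-server="$DOCKER_REGISTRY_SERVER" \
            --docker-username="$DOCKER_USER" \
            --docker-password="$DOCKER_PASSWORD" \
            --docker-email="<EMAIL_PLACEHOLDER>" \
            | kubectl apply --validate=false -f -

          # Create new config template
          gomplate --file /tmp/tpl/registry.conf > /tmp/registry.conf

          # UPDATE aws-registry-proxy-config with fresh docker registry credentials
          # NOTE(review): if the rendered file embeds REGISTRY_BASICAUTH, the
          # registry credentials end up in a ConfigMap, which is readable by
          # anything allowed to read ConfigMaps in this namespace; a Secret
          # mounted into the proxy would narrow that.
          kubectl create configmap aws-registry-proxy-config --dry-run --validate=false -o yaml \
            --from-file=/tmp/registry.conf \
            | kubectl apply --validate=false -f -

          # Bump the proxy so that it picks the new config: changing a pod
          # template label triggers a new rollout of the Deployment.
          PATCH_TRIGGER=$(printf '{ "spec": { "template":{ "metadata": { "labels" : { "triggered": "%s"}}}}}' "$(date +%Y-%m-%d-%H-%M-%S)")
          kubectl patch deployment aws-registry-proxy -p "$PATCH_TRIGGER"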