public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-21 20:35:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated RKE page for ECR plugin fixes

Browse Source
This commit is contained in:
Jennifer Travinski
2021-09-02 16:45:20 -04:00
parent 6e6eb6811f
commit 5fd87d531a
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/rke/latest/en/config-options/private-registries/_index.md
+5 -5
View File
@@ -49,11 +49,11 @@ As of v0.1.10, you have to configure your private registry credentials, but you
Before v0.1.10, you had to configure your private registry credentials **and** update the names of all the [system images]({{<baseurl>}}/rke/latest/en/config-options/system-images/) in the `cluster.yml` so that the image names would have the private registry URL appended before each image name.
### ECR Private Registry Setup
### Amazon Elastic Container Registry (ECR) Private Registry Setup
There are two ways in which to provide ECR credentials to set up your ECR private registry: using an instance profile or adding a configuration snippet, which are hard-coded credentials in environment variables for the `kubelet` and credentials under the`credentialPlugin`.
[Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html) is an AWS managed container image registry service that is secure, scalable, and reliable. There are two ways in which to provide ECR credentials to set up your ECR private registry: using an instance profile or adding a configuration snippet, which are hard-coded credentials in environment variables for the `kubelet` and credentials under the `ecrCredentialPlugin`.
- **Instance Profile**: An instance profile is the preferred and more secure approach to provide ECR credentials (when running in EC2, etc.). The instance profile will be autodetected and use these credentials by default (using the Go AWS SDK credential lookup process).
- **Instance Profile**: An instance profile is the preferred and more secure approach to provide ECR credentials (when running in EC2, etc.). The instance profile will be autodetected and used by default. For more information on configuring an instance profile with ECR permissions, go [here](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam.html).
- **Configuration Snippet**: You will use the configuration snippet below rather than an instance profile only if the following conditions exist in your node:
@@ -61,7 +61,7 @@ There are two ways in which to provide ECR credentials to set up your ECR privat
- Node is an EC2 instance but does not have an instance profile configured
- Node is an EC2 instance and has an instance profile configured but has no permissions for ECR
> **Note:** The ECR credentials are only used in the `kubelet` and `credentialPlugin` areas. This is important to remember if you have issues while creating a new cluster or when pulling images during reconcile/upgrades.
> **Note:** The ECR credentials are only used in the `kubelet` and `ecrCredentialPlugin` areas. This is important to remember if you have issues while creating a new cluster or when pulling images during reconcile/upgrades.
>
> - Kubelet: For add-ons, custom workloads, etc., the instance profile or credentials are used by the
> downstream cluster nodes
@@ -76,7 +76,7 @@ There are two ways in which to provide ECR credentials to set up your ECR privat
- "AWS_ACCESS_KEY_ID=ACCESSKEY"
- "AWS_SECRET_ACCESS_KEY=SECRETKEY"
private_registries:
- url: ACCOUNTID.dkr.ecr.ap-southeast-2.amazonaws.com
- url: ACCOUNTID.dkr.ecr.region.amazonaws.com
is_default: true
ecrCredentialPlugin:
aws_access_key_id: "ACCESSKEY"