The method suggested by Naadir will not work on GKE. - Most of the node filesystem is not writable (readonly), this includes PATH directories. - GKE nodes don't have individual setup (it may delete nodes during a scale down or a repair) so the new nodes will require the setup again. - If I recall correctly, the VM startup script doesn't work on GKE either, you can't set up new nodes with this.
On Tue, May 8, 2018 at 9:45 PM Naadir Jeewa <naa...@scalefactory.com> wrote: > Some of the stuff in that minikube thread is a bit out of date I think. > > This should work: > > Configure your Docker daemon (this will also work with CRI-O) to get ECR > credentials using https://github.com/awslabs/amazon-ecr-credential-helper, > configure an IAM user with appropriate access to your ECR registries, and > place a shared credential file > <https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html> > in > /root/.aws/credentials. Then you can refer to ECR images in your pod specs > as normal. > > Naadir Jeewa | Platform Lead | The Scale Factory > > On 9 May 2018 at 05:22, 'Ahmet Alp Balkan' via Kubernetes user discussion > and Q&A <kubernetes-users@googlegroups.com> wrote: > >> What you're looking for is documentation from AWS explaining how to >> access ECR in headless mode with credentials don't expire quickly (in 1 >> hour etc). I was not able to find such documentation with a quick search >> (for reference GCR equivalent of this is documented here >> <https://cloud.google.com/container-registry/docs/advanced-authentication#json_key_file> >> ). >> >> It looks like this same question is asked here (but for minikube) and has >> some solutions: https://github.com/kubernetes/minikube/issues/366 >> >> On Tue, May 8, 2018 at 11:16 AM Ajay S <linux.ajaysaw...@gmail.com> >> wrote: >> >>> Hello All, >>> >>> Can we use AWS ECR in GKE? I read somewhere that for pulling images from >>> AWS ECR you need to assign some roles to the instance which I guess can't >>> be assigned to Google Cloud Compute VMs. I tried it with Kubernetes secrets >>> but everytime it is failing. >>> >>> If we can access AWS ECR from GKE, can someone direct me to some help >>> pages? >>> >>> Regards, >>> Ajay >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Kubernetes user discussion and Q&A" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to kubernetes-users+unsubscr...@googlegroups.com. >>> To post to this group, send email to kubernetes-users@googlegroups.com. >>> Visit this group at https://groups.google.com/group/kubernetes-users. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Kubernetes user discussion and Q&A" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to kubernetes-users+unsubscr...@googlegroups.com. >> To post to this group, send email to kubernetes-users@googlegroups.com. >> Visit this group at https://groups.google.com/group/kubernetes-users. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q&A" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.