Fred Mériot

Reputation: 4357

Kubernetes pull private external amazon ECR images

I have an Amazon account with a K8S cluster which is able to pull images from the same account's ECR repository.

But my company has another account with another ECR repository. How can I pull images from this "external" ECR repository?

I'm also a Rancher user and I used to do this by installing a special container (https://github.com/rancher/rancher-ecr-credentials) which does the job.

Is there something equivalent for Kubernetes?

Thanks for your precious help

Upvotes: 0

Views: 2863

Answers (1)

jhernandez

Reputation: 937

Since you already have this setup for pulling images from the same account, you can do this at the IAM policy level or with ECR permissions. In your other AWS account, set up a policy specifying the AWS account number (where k8s is) that will be able to pull images.

For example, grant pull permissions in the ECR Permissions tab:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "k8s-aws-permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::aws_account_number:root"
            },
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability"
            ]
        }
    ]
}

Upvotes: 2
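
An added example, not part of the answer above: a Python check that a repository policy like the one in the answer grants only pull actions, and only to the expected account, before it is applied. The function names, the findings format and the account ID 111122223333 are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# The three read-only actions granted by the answer's policy.
PULL_ACTIONS = {"ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability"}
PULL_LOWER = {a.lower() for a in PULL_ACTIONS}  # IAM action names are case-insensitive

def _as_list(value):
    """IAM accepts a single string or a list for Action and Principal.AWS."""
    return [value] if isinstance(value, str) else list(value or [])

def _account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM ARN, else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_repo_policy(policy_json, puller_account):
    """Return findings; an empty list means pull-only access for puller_account."""
    findings, granted = [], set()
    statements = json.loads(policy_json).get("Statement", [])
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        names = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        actions = _as_list(stmt.get("Action"))
        for name in names:
            if name == "*":
                findings.append(f"{sid}: principal '*' allows any AWS account")
            elif _account_of(name) != puller_account:
                findings.append(f"{sid}: unexpected principal {name}")
                continue
            granted.update(a.lower() for a in actions)
        findings += [f"{sid}: grants more than pull: {a}"
                     for a in actions if a.lower() not in PULL_LOWER]
    # Wildcards such as ecr:* are flagged above but still count as covering a pull action.
    findings += [f"{p} not granted to {puller_account}" for p in sorted(PULL_ACTIONS)
                 if not any(fnmatchcase(p.lower(), g) for g in granted)]
    return findings

# Constructed sample: the answer's policy with a made-up account ID filled in.
SAMPLE = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "k8s-aws-permissions", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": sorted(PULL_ACTIONS)}]})
print(audit_repo_policy(SAMPLE, "111122223333"))
```

The repository policy is only half of cross-account access: the node or pod role in the cluster's account still needs an identity-based policy that allows the same actions on the external repository.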
