Skip to content

Commit 6ff5bbe

Browse files
chen-keinanchen-keinan
authored
Merge pull request #845 from snyk/feat/add-ecr-cred-helper
feat: add ecr-credential-helper to image
2 parents b0a0c71 + 611606d commit 6ff5bbe

File tree

2 files changed

+21
-1
lines changed

2 files changed

+21
-1
lines changed

Dockerfile

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
#---------------------------------------------------------------------
2-
# STAGE 1: Build skopeo inside a temporary container
2+
# STAGE 1: Build skopeo and ecr-credentials-helper inside a temporary container
33
#---------------------------------------------------------------------
44
FROM fedora:32 AS skopeo-build
55

@@ -10,6 +10,9 @@ RUN cd $GOPATH/src/github.com/containers/skopeo \
1010
&& make bin/skopeo DISABLE_CGO=1 \
1111
&& make install
1212

13+
RUN go get -u github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
14+
RUN cp $HOME/go/bin/docker-credential-ecr-login /usr/local/bin/docker-credential-ecr-login
15+
1316
#---------------------------------------------------------------------
1417
# STAGE 2: Build the kubernetes-monitor
1518
#---------------------------------------------------------------------
@@ -43,6 +46,7 @@ RUN rm /install.sh
4346
WORKDIR /srv/app
4447

4548
COPY --chown=snyk:snyk --from=skopeo-build /usr/local/bin/skopeo /usr/bin/skopeo
49+
COPY --chown=snyk:snyk --from=skopeo-build /usr/local/bin/docker-credential-ecr-login /usr/bin/docker-credential-ecr-login
4650
COPY --chown=snyk:snyk --from=skopeo-build /etc/containers/registries.d/default.yaml /etc/containers/registries.d/default.yaml
4751
COPY --chown=snyk:snyk --from=skopeo-build /etc/containers/policy.json /etc/containers/policy.json
4852

snyk-monitor/README.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,22 @@ Create a file named `dockercfg.json`. Store your `dockercfg` in there; it should
5454
"eu.gcr.io": "gcloud",
5555
"staging-k8s.gcr.io": "gcloud"
5656
}
57+
58+
// If your cluster runs on EKS and you are using ECR, add the following:
59+
{
60+
"credsStore": "ecr-login"
61+
}
62+
63+
With Docker 1.13.0 or greater, you can configure Docker to use different credential helpers for different registries.
64+
To use this credential helper for a specific ECR registry, create a credHelpers section with the URI of your ECR registry:
65+
66+
{
67+
"credHelpers": {
68+
"public.ecr.aws": "ecr-login",
69+
"<aws_account_id>.dkr.ecr.<region>.amazonaws.com": "ecr-login"
70+
}
71+
}
72+
5773
}
5874
```
5975
Finally, create the secret in Kubernetes by running the following command:

0 commit comments

Comments
 (0)