Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-02-06 19:05:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clarify how to use the generated cronjob secret

Browse Source 
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
This commit is contained in:
Aurel Canciu
2021-02-01 16:31:58 +02:00
committed by Hidde Beydals
parent 51f9d249ff
commit d5f45800ae
1 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
docs/guides/image-update.md
View File

@@ -484,6 +484,7 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: ecr-credentials-sync name: ecr-credentials-sync
namespace: flux-system
# Uncomment and edit if using IRSA # Uncomment and edit if using IRSA
# annotations: # annotations:
# eks.amazonaws.com/role-arn: <role arn> # eks.amazonaws.com/role-arn: <role arn>
@@ -533,7 +534,7 @@ spec:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: SECRET_NAME - name: SECRET_NAME
value: <secret name> # this is the generated Secret name value: ecr-credentials
- name: ECR_REGISTRY - name: ECR_REGISTRY
value: <account id>.dkr.ecr.<region>.amazonaws.com # fill in the account id and region value: <account id>.dkr.ecr.<region>.amazonaws.com # fill in the account id and region
volumeMounts: volumeMounts:
@@ -563,6 +564,16 @@ you can manually create an init job using the following command:
$ kubectl create job --from=cronjob/ecr-credentials-sync -n flux-system ecr-credentials-sync-init $ kubectl create job --from=cronjob/ecr-credentials-sync -n flux-system ecr-credentials-sync-init
``` ```
After the job runs, a secret named `ecr-credentials` should be created. Use this
name in your ECR ImageRepository resource manifest as the value for
`.spec.secretRef.name`.
```yaml
spec:
secretRef:
name: ecr-credentials
```
### GCP Container Registry ### GCP Container Registry
#### Using access token [short-lived] #### Using access token [short-lived]
@@ -641,7 +652,7 @@ spec:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: SECRET_NAME - name: SECRET_NAME
value: <SECRET_NAME> # this is the generated Secret name value: gcr-credentials
- name: GCR_REGISTRY - name: GCR_REGISTRY
value: <REGISTRY_NAME> # fill in the registry name e.g gcr.io, eu.gcr.io value: <REGISTRY_NAME> # fill in the registry name e.g gcr.io, eu.gcr.io
command: command:
@@ -662,6 +673,16 @@ you can manually create an init job using the following command:
$ kubectl create job --from=cronjob/gcr-credentials-sync -n flux-system gcr-credentials-sync-init $ kubectl create job --from=cronjob/gcr-credentials-sync -n flux-system gcr-credentials-sync-init
``` ```
After the job runs, a secret named `gcr-credentials` should be created. Use this
name in your GCR ImageRepository resource manifest as the value for
`.spec.secretRef.name`.
```yaml
spec:
secretRef:
name: gcr-credentials
```
#### Using a JSON key [long-lived] #### Using a JSON key [long-lived]
!!! warning "Less secure option" !!! warning "Less secure option"