Mirrors
/
flux2
mirror of https://github.com/fluxcd/flux2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #840 from relu/fix-image-update-docs-ecr-cronjob

Browse Source 
Improve image update CronJob examples
pull/841/head
Hidde Beydals 4 years ago committed by GitHub
parent 6f525356cb d5f45800ae
commit e1895a4e21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File

27
docs/guides/image-update.md
Unescape Escape View File

@ -484,6 +484,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: ecr-credentials-sync
namespace: flux-system
# Uncomment and edit if using IRSA
# annotations:
# eks.amazonaws.com/role-arn: <role arn>
@ -533,8 +534,8 @@ spec:
imagePullPolicy: IfNotPresent
env:
- name: SECRET_NAME
value: <secret name> # this is the generated Secret name
- name:
value: ecr-credentials
- name: ECR_REGISTRY
value: <account id>.dkr.ecr.<region>.amazonaws.com # fill in the account id and region
volumeMounts:
- mountPath: /token
@ -563,6 +564,16 @@ you can manually create an init job using the following command:
$ kubectl create job --from=cronjob/ecr-credentials-sync -n flux-system ecr-credentials-sync-init
```
After the job runs, a secret named `ecr-credentials` should be created. Use this
name in your ECR ImageRepository resource manifest as the value for
`.spec.secretRef.name`.
```yaml
spec:
secretRef:
name: ecr-credentials
```
### GCP Container Registry
#### Using access token [short-lived]
@ -641,7 +652,7 @@ spec:
imagePullPolicy: IfNotPresent
env:
- name: SECRET_NAME
value: <SECRET_NAME> # this is the generated Secret name
value: gcr-credentials
- name: GCR_REGISTRY
value: <REGISTRY_NAME> # fill in the registry name e.g gcr.io, eu.gcr.io
command:
@ -662,6 +673,16 @@ you can manually create an init job using the following command:
$ kubectl create job --from=cronjob/gcr-credentials-sync -n flux-system gcr-credentials-sync-init
```
After the job runs, a secret named `gcr-credentials` should be created. Use this
name in your GCR ImageRepository resource manifest as the value for
`.spec.secretRef.name`.
```yaml
spec:
secretRef:
name: gcr-credentials
```
#### Using a JSON key [long-lived]
!!! warning "Less secure option"

Write Preview
Loading…
Cancel
Save