I have created EKS Cluster. I also have docker image in ECR. I am not sure how to use the docker image in pod definition in YAML.
Is it required to give credentials in secret? or EKS IAM role should have permission for ECR?
Any changes in permission have to do for Image in ECR ?
If you followed the EKS getting started guide, everything will work out of the box and you just have to specify the the full image name (e.g. ACCOUNT.dkr.ecr.REGION.amazonaws.com/imagename:tag
) in the Pod definition (spec.containers.image
field).
It works because Kubernetes has native support for ECR
and the CloudFormation template for the Kubernetes worker nodes attaches an AmazonEC2ContainerRegistryReadOnly
policy to the instance profile.