AWS ECR PULL no basic auth credentials
I'm deploying Azure K8s cluster with Terraform, and the image is hosted in Amazon ECR. The deployment fails at the image pull from the ECR with the following error:
Failed to pull image "tooot.eu-west-1.amazonaws.com/app-t:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://tooot.eu-west-1.amazonaws.com/v2/app-t/manifests/latest: no basic auth credentials
the following is my kuberentes resource in the terraform template
metadata {
name = "terraform-app-deployment-example"
labels {
test = "app-deployment"
}
}
spec {
replicas = 6
selector {
match_labels {
test = "app-deployment"
}
}
template {
metadata {
labels {
test = "app-deployment"
}
}
spec {
container {
image = "toot.eu-west-1.amazonaws.com/app-t:latest"
name = "app"
}
}
}
}
}`
Answer
Basically you are lacking credentials to pull images from AWS.
You need to create a regcred, which contains the login credentials:
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
After that you need to add the regcred on your terraform configuration. I have not worked with templates, but in a deploy specification you would add a field called imagePullSecrets.
https://www.terraform.io/docs/providers/kubernetes/r/deployment.html
The imagePullSecrets description:
image_pull_secrets - (Optional) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored