Docker for AWS - ECR Auto-Authentication Patch
Jake Buchholz <tomalok at gmail dot com>
This patch adds caching of AWS ECR credentials to Docker for AWS clusters.
Specifically, the patch...
- Adds a read-only "ecr-policy" and attaches it to the Proxy (manager) and Worker roles.
- Installs a script that basically does $(aws ecr get-login --no-include-email) for the root and docker users.
- Sets up a cron job (on the moby instance) to run the script once every 8 hours. Credentials are available in the shell-aws container because it mounts moby's /home/docker.
- Runs the script once.
Patch diff:
17.09.0-ce-aws1-tomalok1.diff
Patched CloudFormation template:
17.09.0-ce-aws1-tomalok1.tmpl
Install script (downloaded by and runs from CloudFormation template):
install-refresh-ecr-auth.sh
Reference issue:
https://github.com/docker/for-aws/issues/5
DISCLAIMER
This patch is hereby released into the public domain in the hope that it will be useful, but without any warranty of any kind, expressed or implied.
In no event will the author of this patch be held liable for any damages or consequences of its use or misuse.