actions/fluxcd-flux2
3
0
Fork 0
mirror of https://github.com/fluxcd/flux2.git synced 2026-02-09 09:17:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #840 from relu/fix-image-update-docs-ecr-cronjob

Browse source 
Improve image update CronJob examples
This commit is contained in:
Hidde Beydals 2021-02-01 17:49:31 +01:00 committed by GitHub
commit e1895a4e21
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
docs/guides/image-update.md
View file

@ -484,6 +484,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: ecr-credentials-sync
namespace: flux-system
# Uncomment and edit if using IRSA
# annotations:
# eks.amazonaws.com/role-arn: <role arn>
@ -533,8 +534,8 @@ spec:
imagePullPolicy: IfNotPresent
env:
- name: SECRET_NAME
value: <secret name> # this is the generated Secret name
- name:
value: ecr-credentials
- name: ECR_REGISTRY
value: <account id>.dkr.ecr.<region>.amazonaws.com # fill in the account id and region
volumeMounts:
- mountPath: /token
@ -563,6 +564,16 @@ you can manually create an init job using the following command:
$ kubectl create job --from=cronjob/ecr-credentials-sync -n flux-system ecr-credentials-sync-init
```
After the job runs, a secret named `ecr-credentials` should be created. Use this
name in your ECR ImageRepository resource manifest as the value for
`.spec.secretRef.name`.
```yaml
spec:
secretRef:
name: ecr-credentials
```
### GCP Container Registry
#### Using access token [short-lived]
@ -641,7 +652,7 @@ spec:
imagePullPolicy: IfNotPresent
env:
- name: SECRET_NAME
value: <SECRET_NAME> # this is the generated Secret name
value: gcr-credentials
- name: GCR_REGISTRY
value: <REGISTRY_NAME> # fill in the registry name e.g gcr.io, eu.gcr.io
command:
@ -662,6 +673,16 @@ you can manually create an init job using the following command:
$ kubectl create job --from=cronjob/gcr-credentials-sync -n flux-system gcr-credentials-sync-init
```
After the job runs, a secret named `gcr-credentials` should be created. Use this
name in your GCR ImageRepository resource manifest as the value for
`.spec.secretRef.name`.
```yaml
spec:
secretRef:
name: gcr-credentials
```
#### Using a JSON key [long-lived]
!!! warning "Less secure option"