ExternalDNS generated policy lacks ECR authToken generator permissions #514
Comments
this permission is already present, no? the nodes themselves need these permissions to pull the necessary images so therefore the IAM roles that run on the nodes inherit these permissions
they are present on the node, but since the service account is used, the IAM role from the node cannot be used
See snippet of logs on the pod
Then I added the permissions manually and that worked instantly
do your nodes have the
yep they do have. That's the workaround I will use: attach that policy to my role
Is your request related to a new offering from AWS?
Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.
Is your request related to a problem? Please describe.
We are using External Secrets Generator for ECR. The goal is to have external Secret generating a secret with an ECR token, in order to use ArgoCD and helm charts stored on ECR.
We use:
The policy lacks some ECR permissions which should be
Yaml used to use the feature:
Describe the solution you'd like.
Have the policy used when the parameter attach_external_secrets_policy is set to true
Describe alternatives you've considered.
Adding a custom policy or add AWSAppRunnerServicePolicyForECRAccess AWS Managed policy through a new parameter external_secrets_use_ecr_auth_token
Additional context
Documentation to ECR generator.