#docs (2019-04)

Discussions related to https://github.com/cloudposse/docs

Archive: https://archive.sweetops.com/docs/

2019-04-10

Stephen Lawrence

Hello, checking on the status of the docs for https://github.com/cloudposse/terraform-aws-kops-ecr

cloudposse/terraform-aws-kops-ecr

Terraform module to provision an ECR repository and grant users and kubernetes nodes access to it. - cloudposse/terraform-aws-kops-ecr

Stephen Lawrence

The usage section is showing an older version of the modules.

Stephen Lawrence

When I update my code to point at the latest releases of the two mentioned modules, I get this: module.kops_ecr.module.kops_metadata.data.aws_security_group.bastion: data.aws_security_group.bastion: no matching SecurityGroup found

Erik Osterman (Cloud Posse)

@Stephen Lawrence yes, ignore those version numbers.

Erik Osterman (Cloud Posse)

Use the latest per the release.

Erik Osterman (Cloud Posse)
cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

2019-04-11

Stephen Lawrence

I see, I am looking for a quick way to get an ECR + a user for our kubernetes cluster + ci to access.

Erik Osterman (Cloud Posse)

What we do is grant the nodes’ instance profile/role access to ECR

Erik Osterman (Cloud Posse)

that way it’s seamless

Erik Osterman (Cloud Posse)

are you using kops?

Stephen Lawrence

Yes, we have kops building our VPC and k8s cluster

Erik Osterman (Cloud Posse)

perfect.

Erik Osterman (Cloud Posse)
cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

Stephen Lawrence

@Erik Osterman (Cloud Posse) I would need to create an assumable role outside of this?

2019-04-12

Erik Osterman (Cloud Posse)

So you would provision your ECR repo like this:

Erik Osterman (Cloud Posse)
module "kops_ecr_app" {
  source    = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=tags/0.4.0"
  namespace = "${var.namespace}"
  stage     = "${var.stage}"
  name      = "${var.kops_ecr_app_repository_name}"

  enabled = "${var.kops_ecr_app_enabled}"

  principals_full_access     = ["${local.principals_full_access}"]
  principals_readonly_access = ["${local.principals_readonly_access}"]

  tags = "${module.label.tags}"
}

Erik Osterman (Cloud Posse)

where principals_readonly_access are the principals of your kops cluster nodes & masters

Erik Osterman (Cloud Posse)

that says, create a new ECR repo for an “app” (since you need one repo per app in AWS; not like in docker hub)

Erik Osterman (Cloud Posse)

then allow principals_readonly_access to pull from that repo
