#docs (2019-04)
Discussions related to https://github.com/cloudposse/docs
Archive: https://archive.sweetops.com/docs/
2019-04-10

Hello, checking on the status of the docs for https://github.com/cloudposse/terraform-aws-kops-ecr
Terraform module to provision an ECR repository and grant users and kubernetes nodes access to it. - cloudposse/terraform-aws-kops-ecr

The usage section is showing an older version of the modules.

When I update my code to point at the latest releases of the two mentioned modules, I get this:
module.kops_ecr.module.kops_metadata.data.aws_security_group.bastion: data.aws_security_group.bastion: no matching SecurityGroup found

@Stephen Lawrence yes, ignore those version numbers.

Use the latest per the release.

here’s another example: https://github.com/cloudposse/terraform-root-modules/tree/master/aws/ecr
Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules
2019-04-11

I see, I am looking for a quick way to get an ECR + a user for our kubernetes cluster + ci to access.

What we do is grant the nodes’ instance profile/role access to ECR

that way it’s seamless

are you using kops?

Yes, we have kops building our VPC and k8s cluster

perfect.

this is how we do it: https://github.com/cloudposse/terraform-root-modules/blob/master/aws/ecr/kops_ecr_app.tf

@Erik Osterman (Cloud Posse) I would need to create an assumable role outside of this?
2019-04-12

So you would provision your ECR repo like this:

module "kops_ecr_app" {
  source                     = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=tags/0.4.0"
  namespace                  = "${var.namespace}"
  stage                      = "${var.stage}"
  name                       = "${var.kops_ecr_app_repository_name}"
  enabled                    = "${var.kops_ecr_app_enabled}"
  principals_full_access     = ["${local.principals_full_access}"]
  principals_readonly_access = ["${local.principals_readonly_access}"]
  tags                       = "${module.label.tags}"
}

where principals_readonly_access are the principals of your kops cluster nodes & masters

that says, create a new ECR repo for an “app” (since you need one repo per app in AWS; not like in docker hub)

then allow principals_readonly_access to pull from that repo