Last active
November 24, 2020 09:44
-
-
Save AmitDJagtap/5cac852074f5bb98c50708f9ab921896 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: batch/v1beta1 | |
| kind: CronJob # Tell kuber' that this is a cronjob | |
| metadata: | |
| annotations: | |
| name: ecr-cred-helper # Name of the job ,can be anything | |
| namespace: default | |
| spec: | |
| concurrencyPolicy: Allow | |
| failedJobsHistoryLimit: 1 | |
| jobTemplate: | |
| metadata: | |
| creationTimestamp: null | |
| spec: | |
| template: | |
| metadata: | |
| creationTimestamp: null | |
| spec: | |
| containers: # the conatiner that will be triggerd by cronjob | |
| - image: odaniait/aws-kubectl:latest # the base iamge to be used to run our shell script | |
| imagePullPolicy: IfNotPresent # as per your requirement | standard | read docs | |
| name: ecr-cred-helper # as per your requirement | standard | read docs | |
| command: # our script goes here | |
| - /bin/sh # standard | set the entry point for execution after cron triggered | |
| - -c # standard | |
| - |- # actuall script starts + some stuff to execute pipe script when config is sent ot kuber' | |
| ACCOUNT=1234567890 # custom script | your aws account id | |
| REGION=my-region-1 # custom script | your aws account region of choice | |
| SECRET_NAME=${REGION}-ecr-registry # custom script | name of secret | |
| EMAIL=anymail.doesnt.matter@email.com # custom script | any email address | |
| TOKEN=`aws ecr get-login --region ${REGION} --registry-ids ${ACCOUNT} | cut -d' ' -f6` # custom script | this will call AWS ECr to gewt login password and store it in TOKEN | |
| echo "ENV variables setup done." | |
| kubectl delete secret --ignore-not-found $SECRET_NAME # custom script | delte previous secret if any | |
| kubectl create secret docker-registry $SECRET_NAME \ # custom script | create secret with given params | |
| --docker-server=https://${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com \ | |
| --docker-username=AWS \ | |
| --docker-password="${TOKEN}" \ | |
| --docker-email="${EMAIL}" | |
| echo "Secret created by name. $SECRET_NAME" | |
| kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"'$SECRET_NAME'"}]}' # custom script | update the deafult servciee account | |
| echo "All done." | |
| env: # container | envoirnment vars needed for aws config | |
| - name: AWS_DEFAULT_REGION # container | aws will auto detect this account region | |
| value: my-region-1 | |
| - name: AWS_SECRET_ACCESS_KEY # container | aws will auto detect this account secret key and use it | |
| value: my-aws-secret-access-key-value-goes-here | |
| - name: AWS_ACCESS_KEY_ID # container | aws will auto detect this account id and use it | |
| value: my-aws-acces-key-id-goes-here | |
| resources: {} | |
| securityContext: | |
| capabilities: {} | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| dnsPolicy: Default # workload | custom | sometimes pod wont have intenet acces in 'clsuter first' | |
| hostNetwork: true | |
| restartPolicy: Never # workload | standard | as per requirement | |
| schedulerName: default-scheduler # workload | standard | as per requirement | |
| securityContext: {} | |
| terminationGracePeriodSeconds: 30 | |
| schedule: 0 */6 * * * # workload | cron pattern | every 6 hours | |
| successfulJobsHistoryLimit: 3 | |
| suspend: false |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment