@guessi
Last active September 18, 2023 07:11
Refresh ECR Token for Kubernetes - Resolve ECR Token Expired Issue
#!/bin/bash

# Prerequisites:
# - the EC2 instance should have a proper IAM role attached
# - awscli
# - kubectl

# Usage:
#
# define the following variables in your environment (root account)
# - ECR_ACCOUNT
# - ECR_REGION
# - SECRET_NAME
#
# $ cp <script-file> /etc/cron.hourly/refresh_ecr_token
# $ chmod +x /etc/cron.hourly/refresh_ecr_token

# define ecr related information
ECR_ACCOUNT="${ECR_ACCOUNT:-123456789012}"
ECR_REGION="${ECR_REGION:-ap-northeast-1}"
SECRET_NAME="${SECRET_NAME:-ecr-auth}"
DOCKER_REGISTRY="https://${ECR_ACCOUNT}.dkr.ecr.${ECR_REGION}.amazonaws.com"

refresh_token() {
  # region is passed in as the first argument (see the call at the bottom)
  local region="$1"

  # get latest ecr login token via awscli
  TOKEN=$(aws ecr get-authorization-token \
    --region="${region}" \
    --output text \
    --query 'authorizationData[].authorizationToken' | \
    base64 -d | cut -d':' -f2)

  # abort if token retrieval failed
  if [ -z "${TOKEN}" ]; then
    echo "==> Abort, get token failed"
    exit 1
  fi

  # remove the previously created secret (any failure will be ignored)
  kubectl delete secret --ignore-not-found "${SECRET_NAME}" || true

  # recreate the secret with the new token
  kubectl create secret docker-registry "${SECRET_NAME}" \
    --docker-server="${DOCKER_REGISTRY}" \
    --docker-username=AWS \
    --docker-password="${TOKEN}" \
    --docker-email="no-reply@example.com"
}

refresh_token "${ECR_REGION}"
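
A variant of the script above, added here as an example and not part of the gist author's code: it feeds the secret to kubectl on stdin instead of as a `--docker-password` argument, and updates it with one `kubectl apply`, so the secret is never absent between a delete and a create. The function names `ecr_password`, `render_secret` and `refresh` and the `run` argument are hypothetical, and the password is assumed to need no JSON escaping.

```shell
#!/bin/bash
# Added example, not the gist author's code. Variable names follow the gist.
set -eu
ECR_ACCOUNT="${ECR_ACCOUNT:-123456789012}"
ECR_REGION="${ECR_REGION:-ap-northeast-1}"
SECRET_NAME="${SECRET_NAME:-ecr-auth}"

# Decode an ECR authorization token ("AWS:<password>") and print the password.
# Rejects anything that does not decode to that shape.
ecr_password() {
  local decoded
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
  case "${decoded}" in
    AWS:?*) printf '%s' "${decoded#AWS:}" ;;
    *) return 1 ;;
  esac
}

# Print a kubernetes.io/dockerconfigjson Secret manifest on stdout.
# Assumption: the password needs no JSON escaping (no '"' or '\').
render_secret() {
  local name="$1" server="$2" password="$3" auth cfg
  auth=$(printf 'AWS:%s' "${password}" | base64 | tr -d '\n')
  cfg=$(printf '{"auths":{"%s":{"username":"AWS","password":"%s","auth":"%s"}}}' \
    "${server}" "${password}" "${auth}" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ${cfg}
EOF
}

# Fetch a fresh token and update the secret with a single apply.
refresh() {
  local raw password
  raw=$(aws ecr get-authorization-token --region "${ECR_REGION}" \
    --output text --query 'authorizationData[0].authorizationToken') || return 1
  password=$(ecr_password "${raw}") || { echo "==> Abort, get token failed" >&2; return 1; }
  render_secret "${SECRET_NAME}" \
    "https://${ECR_ACCOUNT}.dkr.ecr.${ECR_REGION}.amazonaws.com" "${password}" |
    kubectl apply -f -
}

# Hypothetical "run" argument: only contact AWS and the cluster when asked.
if [ "${1:-}" = "run" ]; then refresh; fi
```

Because scripts in `/etc/cron.hourly` are started without arguments, call this one from a small wrapper that passes `run`.
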
@rabbagliettiandrea

Thank you so much @guessi, that's very simple and clever :)

@guessi
Author

guessi commented Sep 25, 2021

@rabbagliettiandrea happy to know the script helps someone around the world~ 😃

@manish436

manish436 commented Mar 23, 2022

Thanks @guessi, a small change I made to make it work on Mac: I just added single quotes around --query 'authorizationData[].authorizationToken'

@guessi
Author

guessi commented Mar 24, 2022

@manish436 Thanks for the report, and now it's fixed 🎉
