The easiest way to create and update a docker-registry secret in Rancher 2.x for an AWS ECR repo is to set up a cron job that uses the AWS CLI and kubectl.
- Log in to the host machine where the cluster is running.
- Install AWS CLI and configure it to use an IAM role that can read the ECR credentials.
- Test the CLI config using this command:
    aws ecr --region <your_ecr's_region> get-login-password
- Install kubectl and configure it with the kubeconfig YAML for the cluster in which you want to define the secret.
- Create a shell script like this:
# Delete the secret if it already exists (there is no way to update it)
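
A complete script along these lines, written as an added example and not the original author's script. The region, account ID, namespace, secret name and the cron path in the comment are assumptions to replace with your own values; the token is fetched before the delete so a failed AWS call leaves the existing secret in place.

```shell
#!/bin/sh
# Added example: refresh an ECR image-pull secret from cron.
# Every default below is an assumption or a constructed placeholder.
set -eu

AWS_REGION="${AWS_REGION:-us-east-1}"             # assumed region
AWS_ACCOUNT_ID="${AWS_ACCOUNT_ID:-123456789012}"  # constructed placeholder account ID
NAMESPACE="${NAMESPACE:-default}"                 # assumed namespace
SECRET_NAME="${SECRET_NAME:-ecr-registry}"        # hypothetical secret name

# ECR registry hostnames have the form <account>.dkr.ecr.<region>.amazonaws.com
ecr_server() {
    printf '%s.dkr.ecr.%s.amazonaws.com' "$AWS_ACCOUNT_ID" "$AWS_REGION"
}

refresh_ecr_secret() {
    # Get the token first. If the IAM role or network is broken we stop here,
    # before touching the secret the cluster is currently pulling with.
    token="$(aws ecr --region "$AWS_REGION" get-login-password)" || return 1
    if [ -z "$token" ]; then
        echo "empty ECR token, secret left unchanged" >&2
        return 1
    fi

    # Delete the secret if it already exists, then recreate it.
    kubectl -n "$NAMESPACE" delete secret "$SECRET_NAME" --ignore-not-found

    # The ECR username is always the literal string AWS.
    # Note: the token is briefly visible in the host's process list as a
    # kubectl argument, so keep shell access to this host restricted.
    kubectl -n "$NAMESPACE" create secret docker-registry "$SECRET_NAME" \
        --docker-server="$(ecr_server)" \
        --docker-username=AWS \
        --docker-password="$token"
}

# ECR tokens are valid for 12 hours, so schedule more often than that, e.g.
# (hypothetical install path):
#   0 */6 * * * /usr/local/bin/refresh-ecr-secret.sh run
if [ "${1:-}" = "run" ]; then
    refresh_ecr_secret
fi
```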