qclaogui · August 11, 2021 10:17 · Jun 22, 2021 · Jun 22, 2021
diff --git a/rancher_aws_ecr_secret.md b/rancher_aws_ecr_secret.md
@@ -1,4 +1,4 @@
-The easiest way to create and update a docker-registry secret for an AWS ECR repo is to set up a CRON job that uses the AWS CLI and Kubectl.
+The easiest way to create and update a docker-registry secret in Rancher 2.x for an AWS ECR repo is to set up a CRON job that uses the AWS CLI and Kubectl.
 
 - Log into the host machine where the cluster is running
 - Install AWS CLI and configure it to use an IAM role that can read the ECR credentials.

diff --git a/rancher_aws_ecr_secret.md b/rancher_aws_ecr_secret.md
@@ -0,0 +1,22 @@
+The easiest way to create and update a docker-registry secret for an AWS ECR repo is to set up a CRON job that uses the AWS CLI and Kubectl.
+
+- Log into the host machine where the cluster is running
+- Install AWS CLI and configure it to use an IAM role that can read the ECR credentials.
+- Test the CLI config using this command: `aws ecr --region <your_ecr's_region> get-login-password`
+- Install kubectl and configure it with the yaml for the cluster in which you want to define the secret
+- Create a shell script like this:
+
+```
+# Delete the secret if it already exists (there is no way to update it)
+kubectl delete secret <name_of_the_docker_registry_secret>
+# Create the secret
+kubectl create secret docker-registry <name_of_the_docker_registry_secret> \
+	--docker-server=<your_ecr_registry_uri> \
+	--docker-username=AWS \
+	--docker-password=$(aws ecr --region <your_ecr's_region> get-login-password) \
+	--docker-email=<your_notification_email>
+```
+
+- Now setup a cron job to run this shell script every 6 hours (AWS resets the password every 12, so just to be on the safe side).
+
+The secret will show up in the default project for the cluster. If you know how to have kubectl create it in a specific project, let me know.
No results found