Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: a67ffae364
Branches Tags
helm-externa...
/
docs
/
snippets
/
generator-ecr.yaml

generator-ecr.yaml 962 B
History Raw

12345678910111213141516171819202122232425262728293031323334 
  1. apiVersion: generators.external-secrets.io/v1alpha1
    2. 

  2. kind: ECRAuthorizationToken
    3. 

  3. metadata:
    4. 

  4.   name: ecr-gen
    5. 

  5. spec:
    6. 

  6. 

  7.   # specify aws region (mandatory)
    8. 

  8.   region: eu-west-1
    9. 

  9. 

  10.   # assume role with the given authentication credentials
    11. 

  11.   role: "my-role"
    12. 

  12. 

  13.   # choose an authentication strategy
    14. 

  14.   # if no auth strategy is defined it falls back to using
    15. 

  15.   # credentials from the environment of the controller.
    16. 

  16.   auth:
    17. 

  17. 

  18.     # 1: static credentials
    19. 

  19.     # point to a secret that contains static credentials
    20. 

  20.     # like AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
    21. 

  21.     secretRef:
    22. 

  22.       accessKeyIDSecretRef:
    23. 

  23.         name: "my-aws-creds"
    24. 

  24.         key: "key-id"
    25. 

  25.       secretAccessKeySecretRef:
    26. 

  26.         name: "my-aws-creds"
    27. 

  27.         key: "access-secret"
    28. 

  28. 

  29.     # option 2: IAM Roles for Service Accounts
    30. 

  30.     # point to a service account that should be used
    31. 

  31.     # that is configured for IAM Roles for Service Accounts (IRSA)
    32. 

  32.     jwt:
    33. 

  33.       serviceAccountRef:
    34. 

  34.         name: "oci-token-sync"
    35.