amazon-web-servicesaws-ecramazon-eks

How to use Docker Image in ECR with AWS EKS


I have created EKS Cluster. I also have docker image in ECR. I am not sure how to use the docker image in pod definition in YAML.

Is it required to give credentials in secret? or EKS IAM role should have permission for ECR?

Any changes in permission have to do for Image in ECR ?


Solution

  • If you followed the EKS getting started guide, everything will work out of the box and you just have to specify the the full image name (e.g. ACCOUNT.dkr.ecr.REGION.amazonaws.com/imagename:tag) in the Pod definition (spec.containers.image field).

    It works because Kubernetes has native support for ECR and the CloudFormation template for the Kubernetes worker nodes attaches an AmazonEC2ContainerRegistryReadOnly policy to the instance profile.