kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #286 from kubernetes/erictune-patch-1 

Add requirements and troubleshooting for ECR
pull/936/merge
Phillip Wittrock 2016-08-02 16:22:33 -07:00 committed by GitHub
parent 57dfdb5415 1c3e499e79
commit 0cb3bf8ebb
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/user-guide/images.md
View File

@ -81,6 +81,21 @@ The kubelet will fetch and periodically refresh ECR credentials. It needs the f
- `ecr:ListImages` - `ecr:ListImages`
- `ecr:BatchGetImage` - `ecr:BatchGetImage`
Requirements:
- You must be using kubelet version `v1.2.0` or newer. (e.g. run `/usr/bin/kubelet --version=true`).
- Your nodes must be in the same region as the registry you are using
- ECR must be offered in your region
Troubleshooting:
- Verify all requirements above.
- Get $REGION (e.g. `us-west-2`) credentials on your workstation. SSH into the host and run Docker manually with those creds. Does it work?
- Verify kubelet is running with `--cloud-provider=aws`.
- Check kubelet logs (e.g. `journalctl -t kubelet`) for log lines like:
- `plugins.go:56] Registering credential provider: aws-ecr-key`
- `provider.go:91] Refreshing cache for provider: *aws_credentials.ecrProvider`
### Configuring Nodes to Authenticate to a Private Repository ### Configuring Nodes to Authenticate to a Private Repository
**Note:** if you are running on Google Container Engine (GKE), there will already be a `.dockercfg` on each node **Note:** if you are running on Google Container Engine (GKE), there will already be a `.dockercfg` on each node