4

I want to use pulumi to set up ECS with an image from a private docker registry (GitLab). Is there a way to specify the secret in the container defintion?

I'm trying to set up a new ECS cluster (awsx.ecs.Cluster) with a Service (awsx.ecs.EC2Service) running a Task with a container (awsx.ecs.Container). The image for the container is stored in a Gitlab private docker registry.

In the AWS console I would've created a Task with a container and selected Private repository authentication. This allows setting an arn to a secret in secrets manager containing credentials as described in Private Registry Authentication for Tasks.

I haven't found a way to set this in pulumi though.

Markus
  • 79
  • 1
  • 9
  • you want to add image to ecs with pulumi after creating ecs? – 4c74356b41 Apr 19 '19 at 04:49
  • I'm trying to create a new ECS cluster with a docker image from an external private docker registry and am looking for a way to provide credentials for the registry. I've edited the question to provide further details. – Markus Apr 19 '19 at 07:19

1 Answers1

1

then you would need to do it like you normally would in kubernetes.

Create a docker registry secret (set its type to kubernetes.io/dockerconfigjson) and make pod reference that secret, so add imagepullsecrets to pod spec.

FOr more details consult the link I've referenced

4c74356b41
  • 69,186
  • 6
  • 100
  • 141
  • Unfortunately, I can't find the option to add the secret to the task's container in Pulumi. – Markus Apr 19 '19 at 09:19
  • just add it to spec like you normally would, its just a reference to a secret in container definition – 4c74356b41 Apr 19 '19 at 09:52
  • 1
    You're right, I just added `repositoryCredentials` to the `awsx.ecs.Container` definition and it was added to the task's container. Not sure why it didn't work at first. Thanks for the help. – Markus Apr 19 '19 at 11:13