  1. OpenShift Request For Enhancement
  2. RFE-6145

Enable pulling images from ECR using IAM role, STS and service account on ROSA HCP cluster.

    • Feature Request
    • Resolution: Unresolved
    • Normal
    • Improvement

      1. Proposed title of this feature request

      Enable Image Pulls in ROSA HCP Without Additional Overhead using native IAM/STS.

       

      2. What is the nature and description of the request?

      The customer needs to allow applications (pods) to pull images from Amazon ECR by making use of the native IAM / STS and service accounts in the same fashion as all other AWS services with a trust policy.

       

      3. Why does the customer need this? (List the business requirements here)

      The customer is using ROSA HCP with ECR as their container registry. Managing ECR tokens and secrets, with rotation, is hectic. Other methods to do this, such as ECR Secrets Operator, cronjobs, or adding the IAM role "AmazonEC2ContainerRegistryReadOnly" to the role associated with the worker nodes, introduce additional complexity and overhead.

              rh-ee-adejong Aaren de Jong
              rhn-support-akadanna Archith Kadanna Palli