- Feature Request
- Resolution: Unresolved
- Normal
- Improvement
1. Proposed title of this feature request
Enable Image Pulls in ROSA HCP Without Additional Overhead using native IAM/STS.
2. What is the nature and description of the request?
The customer needs to allow applications (pods) to pull images from Amazon ECR by making use of the native IAM / STS and service accounts in the same fashion as all other AWS services with a trust policy.
3. Why does the customer need this? (List the business requirements here)
The customer is using ROSA HCP with ECR as their container registry. Managing ECR tokens and secrets, with rotation, is hectic. Other methods to do this, such as ECR Secrets Operator, cronjobs, or adding the IAM role "AmazonEC2ContainerRegistryReadOnly" to the role associated with the worker nodes, introduce additional complexity and overhead.