giantswarm / aws-operator

Manages Kubernetes clusters running on AWS (before Cluster API)

https://www.giantswarm.io/

Additional permissions needed for instances to pull from ECR

marians opened this issue 7 years ago · comments

Marian Steinbach commented 7 years ago

The worker instances need the following permissions to fetch credentials and images from EC2 container registries (ECR):

ecr:GetAuthorizationToken
ecr:BatchCheckLayerAvailability
ecr:GetDownloadUrlForLayer
ecr:GetRepositoryPolicy
ecr:DescribeRepositories
ecr:ListImages
ecr:BatchGetImage

See Kubernetes docs.