Connect Spinnaker to Amazon Elastic Container Registry

Learn how to configure Spinnaker to connect to AWS ECR.

Adding ECR as a Docker registry

When configuring a registry, you normally use standard SpinnakerService configuration if using the Operator, or the hal command for adding a Docker Registry if using Halyard.

Starting with Halyard v1.10, the Docker registry provider supports ECR token refresh by default, so you no longer need a sidecar container alongside Clouddriver to refresh the token. In these versions, pass the command that retrieves your access token with the --password-command option in Halyard, as shown under ECR Docker Registry, or with passwordCommand: under the dockerRegistry account configuration for the Operator.

Update your Spinnaker installation

Operator

dockerRegistry:
  enabled: true
  primaryAccount: dockerhub
  accounts:
  - name: dockerhub
    requiredGroupMembership:
    providerVersion: V1
    address: 012345678910.dkr.ecr.us-east-1.amazonaws.com
    username: AWS
    # The --region value must match the region in the registry address above.
    # The command decodes the token ("AWS:<password>") and strips the "AWS:" prefix.
    passwordCommand: "aws --region us-east-1 ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d | sed 's/^AWS://'"

Halyard

hal config provider docker-registry account add my-ecr-registry \
 --address $ADDRESS \
 --username AWS \
 --password-command "aws --region $REGION ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d | sed 's/^AWS://'"

Success! Now you will be able to use ECR as a Docker registry in the configuration stage.
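
The password command in both configurations base64-decodes the authorization token and strips the AWS: username prefix. The following is an added example, not part of the original page or of Spinnaker, that checks this step offline against a constructed token; the function names and the sample value are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: offline check of the decode step used in passwordCommand.
# SAMPLE_TOKEN is constructed sample data, not a real ECR credential.

# ecr_password_from_token (hypothetical helper): takes the base64
# authorizationToken string returned by `aws ecr get-authorization-token`,
# prints the registry password, and fails with a reason on stderr if the
# decoded value is not in the "AWS:<password>" form.
ecr_password_from_token() {
  token=$1
  if [ -z "$token" ]; then
    echo "empty token: check the region and the IAM permissions" >&2
    return 1
  fi
  decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || {
    echo "token is not valid base64" >&2
    return 1
  }
  case $decoded in
    AWS:?*) printf '%s\n' "${decoded#AWS:}" ;;
    *) echo "decoded token does not start with AWS:" >&2; return 1 ;;
  esac
}

# pipeline_password (hypothetical helper): the same decode-and-strip pipeline
# as the passwordCommand on this page, fed a token instead of calling the AWS CLI.
pipeline_password() {
  printf '%s' "$1" | base64 -d | sed 's/^AWS://'
}

# Constructed sample: base64 of "AWS:sample-password-not-real".
SAMPLE_TOKEN=$(printf 'AWS:sample-password-not-real' | base64)

# Both paths yield the bare password that Clouddriver sends with username AWS.
ecr_password_from_token "$SAMPLE_TOKEN"
pipeline_password "$SAMPLE_TOKEN"
echo
```

To check a live setup, pass the output of the aws ecr get-authorization-token part of your password command to ecr_password_from_token; a non-zero exit points at the region, the credentials, or the query.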


Last modified February 3, 2022: (ab10083c)