Consider taking a list of account ids #29
Comments
|
Hey @leopoldodonnell yeah no problem! As you've seen currently we only support a single account inside a single region. Happy to take PR's if you want to help out, or I can work on as well. I think we'd need to pass maybe a map as a setup if you wanted multiple. We'd have to keep AWS Accounts together with the correct IAM creds. It would also be nice to do in a way that doesn't break upstream people consuming this app via the minikube addons (https://github.com/kubernetes/minikube#private-container-registries). |
|
Absolutely - I'd make it backward compatible. I thought I'd add I could get fancy and extract the default account id to be more consistent with the way that I'll get this done in the next few days. Thanks for getting this plugin into the project - it's a great help |
|
Hello @leopoldodonnell , did you ever end up completing this? |
|
Sorry, I got it working, but it felt like a hack and I didn’t want to
submit something that wasn’t in line with the author’s intention.
At the time we had been using multiple accounts, one for dev and one for
production images. We switched to doing most of our work on local images
and those that passed our CI pipeline and were in the production repo.
It would be worth someone going after this extention though. Changing the
code is easy enough, getting the configuration/user experience right is
where the challenge is.
I’d estimate that the effort to implement is about 8 hours for someone with
AWS and golang experience, so I’d suggest that it would be a 2-3 day
exercise if you plan to try to make it work.
Good luck
…On Tue, Feb 6, 2018 at 6:32 AM Katerina ***@***.***> wrote:
Hello @leopoldodonnell <https://github.com/leopoldodonnell> , did you
ever end up completing this?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#29 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAIQ45JpDIcgXWJX4Q9KsDWMMH5DTunSks5tSDhmgaJpZM4LsZmx>
.
|
|
Hey @leopoldodonnell, Awesome, thanks for the info! I'm thinking of doing this #57 as opposed to passing account IDs. I would appreciate your feedback on whether its possible or not since you are familiar with the code base. |
|
I was working on moving to an array of ids for my implementation.
…On Tue, Feb 6, 2018 at 6:58 AM Katerina ***@***.***> wrote:
Hey @leopoldodonnell <https://github.com/leopoldodonnell>,
Awesome, thanks for the info!
I'm thinking of doing this #57
<#57> as opposed
to passing account IDs. I would appreciate your feedback on whether its
possible or not since you are familiar with the code base.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#29 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAIQ4wWdMN5ND8iGl3TW6-QkevD6CfLIks5tSD54gaJpZM4LsZmx>
.
|
|
When you do this, it would make sense to setup your repos to allow, at
least, pull access from the AWS accounts that will be accessing the repos
…On Tue, Feb 6, 2018 at 6:58 AM Katerina ***@***.***> wrote:
Hey @leopoldodonnell <https://github.com/leopoldodonnell>,
Awesome, thanks for the info!
I'm thinking of doing this #57
<#57> as opposed
to passing account IDs. I would appreciate your feedback on whether its
possible or not since you are familiar with the code base.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#29 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAIQ4wWdMN5ND8iGl3TW6-QkevD6CfLIks5tSD54gaJpZM4LsZmx>
.
|
|
Just added support for this in #58 |
|
How do we specify different access key and secret key for multiple accounts? @rickard-von-essen |
|
@yujunz you don't, you give cross account access to that user/role. |
How shall I do it cross AWS and AWS China? It seems not possible to add IAM role from AWS China to the trust identifiers in AWS global. They two providers are totally isolated. |
|
Dealing with multiple regions in the same way might be useful as well... @yujunz You can probably deploy two instances, configured to use different secrets (with the |
We use multiple AWS accounts in a hub and spoke model. The hub account has the official images while other accounts may have all sort of wild animals. Minikube is where developers are working with both experimental and official images, so it would be great to be able to pull from both.
I'd happily implement a pull-request to allow for a list (space or comma?) of account ids just as
aws get-login --registry_idspermits, if it would be accepted.The text was updated successfully, but these errors were encountered: