The latest articles on DEV Community by Sai Kiran (@anaganisk). https://dev.to/anaganisk https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F171046%2F7d9f72ab-631d-41f4-a0ed-361e132b4971.jpg https://dev.to/anaganisk en Sai Kiran Sun, 31 May 2020 16:02:29 +0000 https://dev.to/anaganisk/integrating-aws-ecr-elastic-container-registry-with-kubernetes-1c1i https://dev.to/anaganisk/integrating-aws-ecr-elastic-container-registry-with-kubernetes-1c1i <p>I run my own kubernetes cluster spun up using Rancher on AWS lightsail which is an alternative to DigitalOcean. Though Lightsail is part of AWS, its not tightly as integrated as the rest of AWS. The ECR docker image token(or password) expires every 12 hours, and everytime you want to pull or push you have to renew it. To use it with kubernetes you need someway to update the secret automatically every 12 hours.<br> Getting ECR to work with it is like as same as any other non AWS(or EKS) cluster. You may read further if you want to integrate it with your DIY or other non AWS kubernetes clusters.<br> I dockerized a lightweight python script to run as a cron job, which will fetch a new login token every 6 hours(based on your deployment.yaml).<br> First create a secret that holds your AWS credentials with<br> </p> <div class="highlight"><pre class="highlight shell"><code>kubectl create secret <span class="nt">-n</span> ecr-kube-helper generic ecr-kube-helper-ecr-secret <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">REGION</span><span class="o">=[</span>AWS_REGION] <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">ID</span><span class="o">=[</span>AWS_KEY_ID] <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">SECRET</span><span class="o">=[</span>AWS_SECRET] </code></pre></div> <p>Lets begin by creating a service account.<br> </p> <div class="highlight"><pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Namespace</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ecr-kube-helper</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ecr-kube-helper</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">ecr-kube-helper</span> <span class="na">name</span><span class="pi">:</span> <span class="s">svac-ecr-kube-helper</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Role</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">role-ecr-kube-helper</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">ecr-kube-helper</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">apiGroups</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">secrets"</span><span class="pi">]</span> <span class="na">verbs</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">get"</span><span class="pi">,</span><span class="s2">"</span><span class="s">delete"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">create"</span><span class="pi">]</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">RoleBinding</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">ecr-kube-helper</span> <span class="na">name</span><span class="pi">:</span> <span class="s">rb-ecr-kube-helper</span> <span class="na">roleRef</span><span class="pi">:</span> <span class="na">apiGroup</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Role</span> <span class="na">name</span><span class="pi">:</span> <span class="s">role-ecr-kube-helper</span> <span class="na">subjects</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">name</span><span class="pi">:</span> <span class="s">svac-ecr-kube-helper</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">ecr-kube-helper</span> </code></pre></div> <p>Then deploy it with a CronJob deployment, but be sure to change the environment values.<br> </p> <div class="highlight"><pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">CronJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">ecr-kube-helper</span> <span class="na">name</span><span class="pi">:</span> <span class="s">cron-ecr-kube-helper</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">cron-ecr-kube-helper</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0</span><span class="nv"> </span><span class="s">*/6</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*"</span> <span class="na">successfulJobsHistoryLimit</span><span class="pi">:</span> <span class="m">3</span> <span class="na">failedJobsHistoryLimit</span><span class="pi">:</span> <span class="m">5</span> <span class="na">jobTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">OnFailure</span> <span class="na">serviceAccountName</span><span class="pi">:</span> <span class="s">svac-ecr-kube-helper</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">svac-ecr-kube-helper-token-dr9bg</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">svac-ecr-kube-helper-token-dr9bg</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">pod-ecr-kube-helper</span> <span class="na">image</span><span class="pi">:</span> <span class="s">anaganisk/ecr-kube-helper:1.0.0</span> <span class="na">imagePullPolicy</span><span class="pi">:</span> <span class="s">IfNotPresent</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/var/run/secrets/kubernetes.io/serviceaccount</span> <span class="na">name</span><span class="pi">:</span> <span class="s">svac-ecr-kube-helper-token-dr9bg</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">AWS_DEFAULT_REGION</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="c1"># AWS credientials secret</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ecr-kube-helper-ecr-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">REGION</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">AWS_ACCESS_KEY_ID</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="c1"># AWS credientials secret</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ecr-kube-helper-ecr-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">ID</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">AWS_SECRET_ACCESS_KEY</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="c1"># AWS credientials secret</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ecr-kube-helper-ecr-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">SECRET</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">LOGLEVEL</span> <span class="na">value</span><span class="pi">:</span> <span class="s">INFO</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">TARGET_SECRET</span> <span class="na">value</span><span class="pi">:</span> <span class="s">xxxSecretxxx</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">TARGET_ECR</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">xxxECR_REPOxxx"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">TARGET_NAMESPACE</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ecr-kube-helper"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">TARGET_EMAIL</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">docker@example.com"</span> </code></pre></div> <p>And you’re done. Let it handle the rest.<br> The helper can only update one ECR ID for now so, if you want to use it with multiple ECRs you may have to create multiple cronjobs. One ECR ID may have multiple repositories<br> for example ECR_ID.dkr.ecr.ap-south-1.amazonaws.com/repository</p> <p>Github Page <a href="https://anaganisk.github.io/ecr-kube-helper/">https://anaganisk.github.io/ecr-kube-helper/</a></p> kubernetes aws python Sai Kiran Mon, 01 Jul 2019 09:08:54 +0000 https://dev.to/anaganisk/how-exactly-is-ionic-capacitor-is-different-from-corodova-1apk https://dev.to/anaganisk/how-exactly-is-ionic-capacitor-is-different-from-corodova-1apk <p>I've started exploring, cordova and ionic but I dont see exactly how they differ they both use webviews, and the way we implement plugins differ apart from that how do they differ architecturally. </p> ionic corova javascript typescript