{"id":21126435,"url":"https://github.com/lreimer/aws-ecr-operator","last_synced_at":"2025-07-08T23:31:57.941Z","repository":{"id":64307465,"uuid":"394590652","full_name":"lreimer/aws-ecr-operator","owner":"lreimer","description":"A K8s operator to manage an AWS ECR as a custom resource.","archived":false,"fork":false,"pushed_at":"2021-08-12T13:47:21.000Z","size":109,"stargazers_count":5,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-16T01:16:00.371Z","etag":null,"topics":["aws","aws-ecr","hacktoberfest","kubernetes","kubernetes-operator","operator-sdk"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lreimer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-10T09:08:12.000Z","updated_at":"2024-01-26T14:08:21.000Z","dependencies_parsed_at":"2023-01-15T11:00:37.907Z","dependency_job_id":null,"html_url":"https://github.com/lreimer/aws-ecr-operator","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Faws-ecr-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Faws-ecr-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Faws-ecr-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Faws-ecr-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lreimer","download_url":"https://codeload.github.com/lreimer/aws-ecr-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225470830,"owners_count":17479367,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-ecr","hacktoberfest","kubernetes","kubernetes-operator","operator-sdk"],"created_at":"2024-11-20T04:41:49.828Z","updated_at":"2024-11-20T04:41:50.541Z","avatar_url":"https://github.com/lreimer.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS ECR Operator\n\nA K8s operator to manage an AWS ECR Repository as a custom resource. Simply manage your ECR repositories using the `Repository` CRD.\n```yaml\napiVersion: ecr.aws.cloud.qaware.de/v1beta1\nkind: Repository\nmetadata:\n  # name of the ECR repository\n  name: demo-microservice\n  # will be used as repository tags\n  labels:\n    app: demo-microservice\nspec:\n  # valid values are MUTABLE or IMMUTABLE. Defaults to IMMUTABLE\n  imageTagMutability: IMMUTABLE\n  imageScanningConfiguration:\n    scanOnPush: true\n  encryptionConfiguration:\n    # valid values are AES256 and KMS. Defaults to AES256\n    encryptionType: AES256\n    # the ARN of the KMS key to use\n    # kmsKey: \n```\n\nYou can apply IAM policies to your repository to restrict and controll access\nusing the `RepositoryPolicy` CRD.\n```yaml\napiVersion: ecr.aws.cloud.qaware.de/v1beta1\nkind: RepositoryPolicy\nmetadata:\n  name: demo-microservice-policy\nspec:\n  repositoryName: demo-microservice\n  policyText: |-\n    {\n        \"Version\": \"2012-10-17\",\n        \"Statement\": [\n            {\n                \"Sid\": \"AllowAll\",\n                \"Effect\": \"Allow\",\n                \"Principal\": {\n                    \"AWS\": \"arn:aws:iam::450802564356:user/mario-leander.reimer\"\n                },\n                \"Action\": [\n                    \"ecr:*\"\n                ]\n            }\n        ]\n    }\n```\n\nYou can also apply Repository Lifecycle policies to your repository to control when images get\nexpired using the `RepositoryLifecycle` CRD. See https://docs.aws.amazon.com/AmazonECR/latest/userguide/lifecycle_policy_examples.html\n```yaml\napiVersion: ecr.aws.cloud.qaware.de/v1beta1\nkind: RepositoryLifecycle\nmetadata:\n  name: demo-microservice-lifefycle\nspec:\n  repositoryName: demo-microservice\n  policyText: |-\n    {\n        \"rules\": [\n            {\n                \"rulePriority\": 1,\n                \"description\": \"Expire images older than 14 days\",\n                \"selection\": {\n                    \"tagStatus\": \"untagged\",\n                    \"countType\": \"sinceImagePushed\",\n                    \"countUnit\": \"days\",\n                    \"countNumber\": 14\n                },\n                \"action\": {\n                    \"type\": \"expire\"\n                }\n            }\n        ]\n    }    \n```\n\n## Development\n\n```bash\n# perform skaffolding with the Operator SDK\n$ operator-sdk init --project-version=3 --domain aws.cloud.qaware.de --repo github.com/lreimer/aws-ecr-operator\n$ operator-sdk create api --group ecr --version=v1beta1 --kind Repository --resource --controller\n$ operator-sdk create api --group ecr --version=v1beta1 --kind RepositoryPolicy --resource --controller\n$ operator-sdk create api --group ecr --version=v1beta1 --kind RepositoryLifecycle --resource --controller\n\n# install AWS SDK for Go v2\n$ go get github.com/aws/aws-sdk-go-v2\n$ go get github.com/aws/aws-sdk-go-v2/config\n$ go get github.com/aws/aws-sdk-go-v2/service/ecr\n\n# define CRD in api/repository_types.go\n# see https://book.kubebuilder.io/reference/markers/crd-validation.html\n$ make generate \u0026\u0026 make manifests\n$ make build\n\n# run operator locally outside the cluster\n# see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html\n# see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html\n# THESE ARE DUMMY CREDENTIALS :-) !\n$ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n$ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n$ export AWS_DEFAULT_REGION=eu-central-1\n$ make install run\n\n# try to create an ECR and do cleanup afterwards\n$ kubectl apply -k config/samples\n$ kubectl delete -k config/samples\n\n# for (local) in-cluster deployment\n# you need to add the above environment variables to a hidden .env.secret file\n# MAKE SURE NOT TO COMMIT THIS FILE :-) !\n$ echo AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE \u003e\u003e config/manager/.env.secret\n$ echo AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \u003e\u003e config/manager/.env.secret\n$ echo AWS_DEFAULT_REGION=eu-central-1 \u003e\u003e config/manager/.env.secret\n\n# build Docker image locally (optional) and deploy\n$ make docker-build\n$ make deploy\n\n# try to create an ECR and do cleanup afterwards\n$ kubectl apply -k config/samples\n$ kubectl delete -k config/samples\n```\n\n## Maintainer\n\nM.-Leander Reimer (@lreimer), \u003cmario-leander.reimer@qaware.de\u003e\n\n## License\n\nThis software is provided under the MIT open source license, read the `LICENSE`\nfile for details.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flreimer%2Faws-ecr-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flreimer%2Faws-ecr-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flreimer%2Faws-ecr-operator/lists"}