{"id":23647009,"url":"https://github.com/supercaracal/aws-ecr-image-pull-secret-controller","last_synced_at":"2025-08-31T22:32:21.737Z","repository":{"id":54445068,"uuid":"413264230","full_name":"supercaracal/aws-ecr-image-pull-secret-controller","owner":"supercaracal","description":"Custom controller for Kubernetes which automatically renews image pull secrets for AWS ECR","archived":false,"fork":false,"pushed_at":"2022-12-06T07:01:26.000Z","size":32,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-06-19T23:15:05.614Z","etag":null,"topics":["aws","kubernetes","operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/supercaracal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-10-04T03:41:40.000Z","updated_at":"2023-03-05T08:58:29.000Z","dependencies_parsed_at":"2023-01-24T08:46:19.799Z","dependency_job_id":null,"html_url":"https://github.com/supercaracal/aws-ecr-image-pull-secret-controller","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":"supercaracal/kubernetes-controller-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/supercaracal%2Faws-ecr-image-pull-secret-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/supercaracal%2Faws-ecr-image-pull-secret-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/supercaracal%2Faws-ecr-image-pull-secret-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/supercaracal%2Faws-ecr-image-pull-secret-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/supercaracal","download_url":"https://codeload.github.com/supercaracal/aws-ecr-image-pull-secret-controller/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231633143,"owners_count":18403402,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","kubernetes","operator"],"created_at":"2024-12-28T13:48:58.341Z","updated_at":"2024-12-28T13:48:58.987Z","avatar_url":"https://github.com/supercaracal.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![](https://github.com/supercaracal/aws-ecr-image-pull-secret-controller/workflows/Test/badge.svg?branch=master)\n![](https://github.com/supercaracal/aws-ecr-image-pull-secret-controller/workflows/Release/badge.svg)\n\nAWS ECR image pull secret controller\n===============================================================================\n\nThis controller has a feature to renew image-pull secrets for AWS ECR.\nSince docker login for AWS ECR expires at [12 hours](https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html) later, the controller is needed for non EKS.\n\n## Controller's action\nThis controller checks all image pull secrets every 10 second.\nThe controller acts as the followings.\n\n| image pull secret | expiration | action |\n| --- | --- | --- |\n| not exists | | creates a new image pull secret |\n| exists | valid | does nothing |\n| exists | expired | deletes old image pull secret and creates new one |\n\n## Running controller on local host\n```\n$ kind create cluster\n$ make apply-manifests\n$ make build\n$ make run\n```\n\n## Running controller in cluster\n```\n$ kind create cluster\n$ make apply-manifests\n$ make build-image\n$ make port-forward \u0026\n$ make push-image\n```\n\n## Usage\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: example-login-secret\n  labels:\n    supercaracal.example.com/used-by: \"aws-ecr-image-pull-secret-controller\"\n  annotations:\n    supercaracal.example.com/aws-ecr-image-pull-secret.name: \"example-image-pull-secret\"\n    supercaracal.example.com/aws-ecr-image-pull-secret.email: \"foobar@example.com\"\n    supercaracal.example.com/aws-ecr-image-pull-secret.aws_account_id: \"000000000000\"\n    supercaracal.example.com/aws-ecr-image-pull-secret.aws_region: \"ap-northeast-1\"\ntype: Opaque\ndata:\n  AWS_ACCESS_KEY_ID: \"**********base64 encoded text**********\"\n  AWS_SECRET_ACCESS_KEY: \"**********base64 encoded text**********\"\n```\n\n```\n$ cp config/example-secret.yaml config/secret.yaml\n$ vi config/secret.yaml\n$ kubectl --context=kind-kind apply -f config/secret.yaml\n```\n\n```\n$ kubectl --context=kind-kind get secrets\nNAME                        TYPE                                  DATA   AGE\ncontroller-token-8bmfl      kubernetes.io/service-account-token   3      37m\ndefault-token-s4wsj         kubernetes.io/service-account-token   3      39m\nexample-image-pull-secret   kubernetes.io/dockerconfigjson        1      10m\nexample-login-secret        Opaque                                2      33m\n```\n\n```\n$ kubectl --context=kind-kind get secrets example-image-pull-secret -o json | jq -r .data.'\".dockerconfigjson\"' | base64 -d | jq .\n{\n  \"auths\": {\n    \"https://000000000000.dkr.ecr.ap-northeast-1.amazonaws.com\": {\n      \"username\": \"AWS\",\n      \"password\": \"*****************************************\",\n      \"email\": \"foo@example.com\",\n      \"auth\": \"*****************************************\"\n    }\n  }\n}\n```\n\n## See also\n* [sample-controller](https://github.com/kubernetes/sample-controller)\n* [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder)\n* [operator-sdk](https://github.com/operator-framework/operator-sdk)\n* [kind](https://github.com/kubernetes-sigs/kind)\n* [Kubernetes Reference](https://kubernetes.io/docs/reference/)\n* [Configure a kubelet image credential provider](https://kubernetes.io/docs/tasks/kubelet-credential-provider/kubelet-credential-provider/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsupercaracal%2Faws-ecr-image-pull-secret-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsupercaracal%2Faws-ecr-image-pull-secret-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsupercaracal%2Faws-ecr-image-pull-secret-controller/lists"}