Closed
Description
Investigate how to achieve #14891 #12104
-
build eks environment(We use the preview env with private AWS ECR) - setup private ECR
- setup identity in IAM with proper roles
- setup service account in EKS to use identity from ☝
- run some experiments to determine a design that works. Options:
- ...define an ECR secret that rotates every 12h (because it expires after that amount). See this for a summary and follow the link for background.
- ...setup a service account, and use it to get a JWT with
registry-facade
andimage-builder-mk3
- ...setup a service account, and use it to get a JWT with
blobserve
The AWS SDK will be helpful for both. To prototype sooner, it might be easier to start off by experimenting using the AWSCLI.