diff --git a/README.md b/README.md index d96dd989ce..221a9c2782 100644 --- a/README.md +++ b/README.md @@ -494,23 +494,10 @@ Please ensure, kaniko pod is running in the namespace and with a Kubernetes Serv #### Pushing to Amazon ECR The Amazon ECR [credential helper](https://github.com/awslabs/amazon-ecr-credential-helper) is built into the kaniko executor image. -To configure credentials, you will need to do the following: - -1. Update the `credsStore` section of [config.json](https://github.com/awslabs/amazon-ecr-credential-helper#configuration): - - ```json - { "credsStore": "ecr-login" } - ``` - - You can mount in the new config as a configMap: - - ```shell - kubectl create configmap docker-config --from-file= - ``` -2. Configure credentials +1. Configure credentials - 1. You can use instance roles when pushing to ECR from a EC2 instance or from EKS, by [configuring the instance role permissions](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ECR_on_EKS.html). + 1. You can use instance roles when pushing to ECR from a EC2 instance or from EKS, by [configuring the instance role permissions](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ECR_on_EKS.html). The AWS managed policy `EC2InstanceProfileForImageBuilderECRContainerBuilds` provides (broad) permissions to upload ECR images and may be used as configuration baseline. Additionally, set `AWS_SDK_LOAD_CONFIG=true` as environment variable within the kaniko pod. If running on an EC2 instance with an instance profile, you may also need to set `AWS_EC2_METADATA_DISABLED=true` for kaniko to pick up the correct credentials. 2. Or you can create a Kubernetes secret for your `~/.aws/credentials` file so that credentials can be accessed within the cluster. To create the secret, run:
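Review bot: In the text added to item 1.1, the advice to set `AWS_EC2_METADATA_DISABLED=true` "if running on an EC2 instance with an instance profile" conflicts with the item's own subject. That variable turns off the SDK's EC2 metadata lookups, which is where instance-profile credentials come from, so a reader who follows it on a plain EC2 instance may no longer get the credentials this item describes. Please state which credential source the setting is meant to favour and in which setup, or drop the sentence. The same line recommends `EC2InstanceProfileForImageBuilderECRContainerBuilds` as a baseline while calling it "(broad)"; suggest adding that the role should be narrowed to the repositories kaniko actually pushes to. The hunk also removes the `credsStore` step without a sentence saying why it is no longer needed, which leaves readers who already mount a `config.json` unsure whether to keep it. Minor: "a EC2 instance" should read "an EC2 instance", and the list now starts at "1. Configure credentials" with its lead-in sentence deleted.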