#
# RUN me where kubectl is available,& make sure to replace account,region etc
#
ACCOUNT="71090*****"
REGION="cn-northwest-1"
SECRET_NAME="k8s-ecr-secret"
EMAIL="***"
#
# Fetch token (which will expire in 12 hours)
#
TOKEN=`aws ecr get-login-password --region ${REGION}`
#
# Create or replace registry secret
#
kubectl --kubeconfig=/home/gitlab-runner/.kube/config delete secret --ignore-not-found $SECRET_NAME
kubectl --kubeconfig=/home/gitlab-runner/.kube/config create secret docker-registry $SECRET_NAME \
--docker-server=https://${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com.cn \
--docker-username=AWS \
--docker-password="${TOKEN}" \
--docker-email="${EMAIL}"
kubectl patch serviceaccount default -p \
'{"imagePullSecrets":[{"name":"'$SECRET_NAME'"}]}'
~ #对于不同的namespace,需要单独设置一遍