Hello With the use of `ecr credential provider` on a non clo Rancher Users #rke2

Hello. With the use of `ecr-credential-provider` o...

calm-intern-77428

02/24/2025, 11:16 AM

Hello. With the use of

ecr-credential-provider

on a non-cloud instance (no IAM roles), where would be the best place to store the AWS static credentials? With RKE1 it was possible to add it as part of the

cluster.yml

where you define

extra_env

for

kubelet

which triggered a restart of the kubelet process, but I don't see a similar directive for it with RKE2.

creamy-pencil-82913

02/24/2025, 5:11 PM

Plugin credentials don't come from the kubelet, rather the kubelet gets them from the provider - so I'm not sure why you would want to put them in kubelet config or restart the kubelet. The ECR credential provider should load them from any of the usual locations... env vars, shared credentials file, and so on .

creamy-pencil-82913

02/24/2025, 5:13 PM

This is not rke2 specific, we just configure the kubelet credential provider plugin config and bin paths if we find things in the expected locations

calm-intern-77428

02/25/2025, 8:53 AM

Makes sense, thanks.

5 Views

Open in Slack

Previous Next