mrinalsharma commented on PR #592: URL: https://github.com/apache/camel-karavan/pull/592#issuecomment-1375978155
The problem is with defining the AWS ECR token in Karavan.yaml. The token is very short-lived (24 hours or less) and, if expired, will cause the image push to fail. To troubleshoot the expired token, the user will have to be aware of the internals of the working of Karavan CI/CD, or somehow we should notify the user in the karavan-app UI that the token is expired.

One way to handle this is to add a step to karavan-task-dev-quarkus that gets the token by logging in to docker and uses it to publish the image. This step will only get executed when running in AWS or with docker hub. The login commands will be different though. Even to support OPENSHIFT, there are some tweaks done in the CI/CD process; I see these AWS changes the same way. Please correct me if my understanding is wrong.

**_If I am understanding you correctly, you don't even want to use keys like those given below in the karavan-secrets.yaml. You want to follow the same steps for all the environments and the user should take environment-specific steps by himself._**

```
aws_region: aws_region
aws_output: json
aws_account: "aws_account"
```

Summary: What I am suggesting is this

1. Add the following keys in CRD

```
username: aws_access_key_id
password: aws_secret_access_key
aws_region: aws_region
aws_output: json
aws_account: "aws_account"
is_using_aws_ecr: true
```

2. When the user deploys the project, run a step as part of karavan-task-dev-quarkus that logs in to AWS ECR and gets the token.
3. Once the token is received, in the next step use that token as a password to push the image.
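The flow proposed in steps 2 and 3 above, as an added example that is not part of the original comment or of the Karavan code base: it turns the JSON returned by `aws ecr get-authorization-token` into registry credentials at deploy time and rejects an expired token with an explicit error instead of a bare push failure. The function and exception names, the `min_remaining` margin, the ISO 8601 form of `expiresAt`, and all sample values are assumptions made for the illustration.

```python
"""Added example (not Karavan code): derive image-push credentials from an
ECR authorization token fetched at deploy time, and report expiry clearly."""
import base64
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws ecr get-authorization-token --output json`.
# Account id, region, password and timestamp are placeholders, not real values.
SAMPLE_RESPONSE = json.dumps({
    "authorizationData": [{
        "authorizationToken": base64.b64encode(b"AWS:constructed-password").decode(),
        "expiresAt": "2023-01-10T06:00:00+00:00",
        "proxyEndpoint": "https://123456789012.dkr.ecr.us-east-1.amazonaws.com",
    }]
})


class TokenExpired(Exception):
    """Lets the pipeline (or a UI) name the real cause of a failed push."""


def registry_credentials(response_json, now, min_remaining=timedelta(minutes=10)):
    """Return (registry, username, password) for the image push step.

    `now` must be timezone-aware. `min_remaining` is a hypothetical safety
    margin: a token that would lapse during the push is rejected as well.
    """
    data = json.loads(response_json)["authorizationData"][0]
    expires_at = datetime.fromisoformat(data["expiresAt"])
    if expires_at - now < min_remaining:
        raise TokenExpired(
            f"ECR token expires at {expires_at.isoformat()}; request a new one")
    # The token is base64("<username>:<password>"); ECR uses the username "AWS".
    decoded = base64.b64decode(data["authorizationToken"]).decode()
    username, sep, password = decoded.partition(":")
    if not sep or not password:
        raise ValueError("authorizationToken is not in user:password form")
    registry = data["proxyEndpoint"].split("://", 1)[-1]
    return registry, username, password


if __name__ == "__main__":
    registry, user, _ = registry_credentials(
        SAMPLE_RESPONSE, datetime(2023, 1, 9, 20, 0, tzinfo=timezone.utc))
    print(f"push to {registry} as {user}")  # the password is never printed
```

Because the token is requested inside the task run, only the long-lived access key pair has to live in the secret, and the short-lived password never needs to be stored in Karavan.yaml.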