Add pod identity note for ECR access

Tisham (whatnick) Dhar 2025-09-11 12:10:07 +09:30 committed by knative-prow-robot
parent a3276b601b
commit fbf46a7990
1 changed file with 27 additions and 0 deletions


@ -257,6 +257,33 @@ spec:
...
```
### Connect to AWS ECR using Pod Identity
The use of AWS ECR as source of images for deployment using knative-serving requires access to digests for images. This can be obtained via a managed role and this role can
be attached to the controller ServiceAccount. This will allow the controller pods to retrieve relevant digests for containers from ECR.
```terraform
module "pod_identity_knative" {
source = "terraform-aws-modules/eks-pod-identity/aws"
version = "~> 1.6"
name = "knative-serving-controller"
additional_policy_arns = {
AmazonEC2ContainerRegistryReadOnly = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}
# Pod Identity Associations
associations = {
knative-serving-controller = {
cluster_name = "some-cluster-name"
namespace = "knative-serving"
service_account = "controller"
}
}
}
```
## SSL certificate for controller
To [enable tag to digest resolution](../../serving/tag-resolution.md), the Knative Serving controller needs to access the container registry.
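Review bot: The sentence "This can be obtained via a managed role and this role can be attached to the controller ServiceAccount" is imprecise for what the snippet actually does: it creates an IAM role with the AWS managed policy `AmazonEC2ContainerRegistryReadOnly` attached and binds it to the `controller` ServiceAccount in `knative-serving` through an EKS Pod Identity association. Say that plainly, and add the prerequisite that the EKS Pod Identity Agent add-on must be installed on the cluster, otherwise the association is created but the controller pods never receive credentials. Worth one more sentence for least privilege: that managed policy grants read access to every ECR repository in the account, so readers who only deploy from a few repositories may prefer a custom policy in `additional_policy_arns` scoped to those repository ARNs. Two doc-style points: a blank line is missing between the closing fence and `### Connect to AWS ECR using Pod Identity`, and `cluster_name = "some-cluster-name"` should be called out as a placeholder to replace, in the same way the surrounding page treats other cluster-specific values.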