Skip to content

Commit 1fb1fdd

Browse files
arcolifearcolife
committed
update doc for AWS + ECR
Signed-off-by: arcolife <[email protected]>
1 parent e10044e commit 1fb1fdd

File tree

1 file changed

+39
-0
lines changed

1 file changed

+39
-0
lines changed

sample-network/README.md

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ For additional cluster options, see the detailed guidelines for:
4040
- [fabric-devenv](#vagrant-fabric-devenv): vagrant VM
4141
- [IKS](#iks)
4242
- [EKS](#eks)
43+
- [self-provisioned Kubernetes on AWS + ECR](#self-provisioned-kubernetes-on-aws--ecr)
4344
- [OCP](#ocp)
4445

4546

@@ -299,6 +300,44 @@ export TEST_NETWORK_INGRESS_DOMAIN=$(echo $INGRESS_IPADDR | tr -s '.' '-').nip.i
299300
For additional guidelines on configuring ingress and DNS, see [Considerations for Kubernetes Distributions](https://cloud.ibm.com/docs/blockchain-sw-252?topic=blockchain-sw-252-deploy-k8#console-deploy-k8-considerations).
300301

301302

303+
### Self-provisioned Kubernetes on AWS + ECR
304+
305+
- This will push the chaincode images to AWS ECR (private authenticated container registry).
306+
- It will use AWS CLI for ECR related operations like login and push.
307+
- The same image will then be pulled from ECR by the chaincode deployed in `test-network` k8s namespace.
308+
309+
**Prerequisites**:
310+
- All steps in [#EKS](#eks).
311+
- Make sure the AWS profile is configured with the correct AWS region and credentials for [aws-cli](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
312+
- You could use `AmazonEC2ContainerRegistryFullAccess` for relaxed access, but this is not recommended.
313+
- Refer to [ECR related AWS managed policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam-awsmanpol.html) for more information.
314+
- ECR repo as exported below under env var `TEST_NETWORK_AWS_ECR_REPO` exists in the correct region.
315+
316+
And for ECR based container registry, export:
317+
318+
```sh
319+
export TEST_NETWORK_CHAINCODE_REGISTRY="ecr"
320+
export TEST_NETWORK_AWS_PROFILE="default"
321+
export TEST_NETWORK_AWS_ACCOUNT="999999999999"
322+
export TEST_NETWORK_AWS_ECR_REPO="chaincodes"
323+
```
324+
325+
For using this ECR registry with Kubernetes, create a secret in `test-network` namespace within your cluster:
326+
327+
```sh
328+
export AWS_REGION=$(aws configure get region --profile ${TEST_NETWORK_AWS_PROFILE})
329+
330+
kubectl create secret docker-registry regcred \
331+
--docker-server="${TEST_NETWORK_AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com" \
332+
--docker-username=AWS \
333+
--docker-password="$(aws ecr get-login-password --region ${AWS_REGION})" \
334+
--namespace=test-network
335+
```
336+
337+
- Go ahead with the chaincode deployment now.
338+
- Test it out and make sure your cluster can pull images from the registry.
339+
- If not, try mounting the secret as a volume in your deployments manually.
340+
302341
## Vagrant: fabric-devenv
303342

304343
The [fabric-devenv](https://github.com/hyperledgendary/fabric-devenv) project will create a local development Virtual

0 commit comments

Comments
 (0)