Select Page

Anoop Tej Thotapalli

last updated on April 28, 2023


In this blog, we will explore how to configure AWS ECR with Spinnaker and Guide to create a simple deployment pipeline.

Advantages of AWS ECR

  • Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.
  • Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications.


  • An active Kubernetes cluster with Spinnaker installed. If you do not have an active Spinnaker, follow this document
  • Mandatory to have AWS is configured as Cloudprovider.
  • ECR Plugin added to Jenkins or any CI. Create a Job to build and push images into ECR.

Step by Step Instructions to Integrate AWS ECR on Spinnaker

  • If all the prerequisites are met, now without any delay let’s start off with the pipeline creation that will build and deploy applications into Kubernetes.
  • Add a GitHub artifact account to Spinnaker.
  • Login to AWS Console and Create an ECR Repo to push Jenkins Images.
  • Execute the below commands to configure ECR on Spinnaker
					ACCOUNT_ID=AWS Account_ID
REGION=Your Preferred Region
hal config provider docker-registry account add my-ecr-registry \
 --address $ADDRESS \
 --username AWS \
 --password-command "read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< \`aws sts assume-role --role-arn arn:aws:iam::$ACCOUNT_ID:role/$MANAGED_ROLE --query '[Credentials.AccessKeyId, Credentials.SecretAccessKey, Credentials.SessionToken]'  --output text --role-session-name $ACCOUNT_ID-$REGION-$MANAGED_ROLE\`; export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; aws ecr get-authorization-token --region $REGION --output text --query 'authorizationData[].authorizationToken'  --registry-ids $ACCOUNT_ID| base64 -d | sed 's/^AWS://'"
hal deploy apply

Step by Step Instructions to Setup a Spinnaker Pipeline

  • Before we start the pipeline creation, here is a glance of basic that makes things easier to understand
    1. Application – An application represents the service you are going to deploy using Spinnaker, all configuration for that service and all the infrastructure on which it will run. You will typically create a different application for each service, though Spinnaker does not enforce that.
    2. Pipeline – A pipeline is a sequence of stages provided by Spinnaker, ranging from functions that manipulate infrastructure (deploy, resize, disable) to utility scaffolding functions (manual judgment, wait, run Jenkins job). All of these together precisely define the runbook for managing your deployments.
    3. Stage – A Stage in Spinnaker is an atomic building block for a pipeline, describing an action that the pipeline will perform. You can sequence stages in a Pipeline in any order, though some stage sequences are more common than others. Spinnaker provides a number of stages such as Deploy, Resize, Disable, Manual Judgment, and many more.
  • Now, let’s kick start with the pipeline creation process
    1. Firstly, if you would want to create an application, create an application.
    2. Create a pipeline in this application
    3. Setup Configuration with the ECR Repo details. Refer to the screenshot below

  • Now Add Stages to your Pipeline
    1. Build
    2. Deploy
    3. If you prefer to have bake you can add that too

    • Now, create ECR Secrets for Spinnaker to be able to pull the images. Manifest to create secret attached below
# RUN me where kubectl is available,& make sure to replace account,region etc.
# Fetch token (which will expire in 12 hours)
TOKEN=`aws ecr --region=$REGION get-authorization-token --output text --query authorizationData[].authorizationToken | base64 -d | cut -d: -f2`
# Create or replace registry secret
kubectl delete secret --ignore-not-found $SECRET_NAME
kubectl create secret docker-registry $SECRET_NAME \
 --docker-server=https://${ACCOUNT}.dkr.ecr.${REGION} \
 --docker-username=AWS \
 --docker-password="${TOKEN}" \
Note: As the ECR Token is dynamic, this keeps refreshing every 12hrs. For a continuous successful run ensure to create this secret as a CronJob.
  • Now, execute the pipeline it should build and deploy your desired application.

Hola, your ECR is now set up with Spinnaker… Enjoy Spinnaker

So in this article, we have shown you how to integrate AWS ECS with Spinnaker. If you wish to streamline your Continuous Delivery, subscribe and read our blog regularly.

Download Advanced deployment strategies

About OpsMx

Founded with the vision of “delivering software without human intervention,” OpsMx enables customers to transform and automate their software delivery processes. OpsMx builds on open-source Spinnaker and Argo with services and software that helps DevOps teams SHIP BETTER SOFTWARE FASTER.

Tags :


Submit a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.