
Permanent Secret for SWR

By default, CCE (Cloud Container Engine) has a temporary secret for connecting to SWR (Software Repository for Container), named default-secret. This secret has an expiration date and is updated periodically.

You can use the describe command to see when it expires.

kubectl describe secret default-secret
Name:         default-secret
Namespace:    default
Labels:       secret-generated-by=cce
Annotations:  temporary-ak-sk-expires-at: 2024-10-24 00:50:25.501 +0000 UTC

Type:  kubernetes.io/dockerconfigjson

Data
====
.dockerconfigjson:  363 bytes

In some cases, for example when pushing images to SWR from a local machine or another CI/CD tool, we need a permanent secret for the container registry. In this situation we must create the secret from an Access Key (AK) and a Security Key (SK).

To get security credentials, go to the Huawei Cloud console and click “My Credentials” under the account menu in the upper right section.

You will see the “Access Keys” menu in the left navigation. Click it, then click “Create Access Key”. This downloads the credentials in CSV format. Now we will create a permanent secret to connect to SWR.

You need a Linux/macOS computer to compute an HMAC-SHA256 hash from the AK and SK values in the CSV. Run this command, replacing <AK> and <SK> with your own values.

printf "<AK>" | openssl dgst -binary -sha256 -hmac "<SK>" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'

Example output:

32d633d480c6d326ddd8f439f4fbfc7c9a4e0fa3fc0565ccd56e027700d41b14

We will use this output as the password in the docker login command. Go to the SWR service in the Huawei Cloud console and click “Generate Login Command”. This creates a temporary login command with an expiration date, but we won’t use it.

Replace the password after the “-p” parameter in the login command with the generated one.

docker login -u tr-west-1@BAA3********** -p 32d633d480c6d326ddd8f439f4fbfc7c9a4e0fa3fc0565ccd56e027700d41b14 swr.tr-west-1.myhuaweicloud.com
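The same long-term credential packaged as a kubernetes.io/dockerconfigjson secret like default-secret, as an added example that is not part of the original post. It assumes the `region@AK` user name and `swr.<region>.myhuaweicloud.com` host seen in the login command above; the secret name `swr-permanent` and the command-line arguments are hypothetical.

```python
import base64
import getpass
import hashlib
import hmac
import json
import sys


def swr_login_key(ak: str, sk: str) -> str:
    """Hex HMAC-SHA256 of the AK, keyed with the SK (same value as the openssl pipeline)."""
    return hmac.new(sk.encode(), ak.encode(), hashlib.sha256).hexdigest()


def swr_pull_secret(name: str, namespace: str, region: str, ak: str, sk: str) -> dict:
    """Build a Secret manifest of type kubernetes.io/dockerconfigjson for SWR."""
    registry = f"swr.{region}.myhuaweicloud.com"  # host form taken from the page
    username = f"{region}@{ak}"                   # user name form taken from the page
    password = swr_login_key(ak, sk)
    # Docker's config format also stores base64("user:password") under "auth".
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    docker_config = {
        "auths": {registry: {"username": username, "password": password, "auth": auth}}
    }
    # Secret "data" values must be base64-encoded.
    encoded = base64.b64encode(json.dumps(docker_config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": encoded},
    }


if __name__ == "__main__":
    # Hypothetical usage: python swr_secret.py tr-west-1 <AK> | kubectl apply -f -
    region, ak = sys.argv[1:3]
    # The SK is prompted for, so it never lands in shell history or a process list.
    sk = getpass.getpass("SK: ")
    manifest = swr_pull_secret("swr-permanent", "default", region, ak, sk)
    print(json.dumps(manifest, indent=2))
```

For a plain registry login, the value returned by `swr_login_key` can be passed to `docker login --password-stdin` instead of `-p`, which keeps it out of shell history.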

Published in Huawei Cloud
© 2024 M.Sertaç Bayır - All Rights Reserved