setup container image registry
The scope of this section is to setup/create a container image registry or repository (depending on provider) on Docker Hub, AWS or Azure for allowing the pipeline that will package the application to push the resulting container image. By the end of this guide, we will get as an output the container repository URI, and, for some providers, the credentials for accessing the registry.
A container image name generically has the following format:
-
<registry-url>/<namespace>/<image-name>:<tag>-
<registry-url>: Container registry URL based on registry provider. -
<namespace>: Namespace within which the image is located. -
<image-name>: Repository/image name which can be from one level to n-level deep (depending on provider). -
<tag>: Some alphanumeric tag which is given as identifier.
-
-
Docker Hub account is required to access Docker Hub Registry. You can create one here.
-
Login on Docker Hub website.
-
Go to Repositories tab and click on "Create Repository".
-
Provide Name and Visibility for the repository and click "Create" button.
|
Note
|
For referencing an image in Docker Hub, you don’t have to specify the <registry-url> since it is the default on Docker.
IMPORTANT: Docker Hub does not support multi-level image names.
|
-
<namespace>/<image-name>:<tag>-
<namespace>: Username or Organization on Docker Hub. -
<image-name>: Previously chosen repository name. -
<tag>: Some alphanumeric tag which is given as identifier.
-
-
Get the AWS Account ID by executing
aws sts get-caller-identity. -
Login to AWS ECR with the following command (an example
<region>would beeu-west-1):
aws ecr get-login-password \
--region <region> | docker login \
--username AWS \
--password-stdin <aws-account-id>.dkr.ecr.<region>.amazonaws.com-
Create a repository namespace with the following command:
aws ecr create-repository \
--repository-name <namespace> \
--region <region>Sample Output
{
"repository": {
"registryId": "123456789012",
"repositoryName": "sample-repo",
"repositoryArn": "arn:aws:ecr:eu-west-1:123456789012:repository/project-a/nginx-web-app"
}
}-
<registry-url>/<namespace>/<image-name>:<tag>-
<registry-url>:<aws-account-id>.dkr.ecr.<region>.amazonaws.com -
<namespace>: Previously chosen repository name. -
<image-name>: Freely chosen project/image-name given by the user. -
<tag>: Some alphanumeric tag which is given as identifier.
-
That is:
-
<aws-account-id>.dkr.ecr.<region>.amazonaws.com/<repository-name>/<image-name>:<tag>
-
An Azure account with active subscription.
-
An Azure resource group.
-
Azure CLI installed.
-
Login to Azure using
az login. -
Set the Azure Subscription using
az account set --subscription <mySubscription>. -
Create a registry with the following command:
az acr create --resource-group <resourcegroup-name> --name <registry-name> --sku BasicSample Output
{
"adminUserEnabled": false,
"creationDate": "2019-01-08T22:32:13.175925+00:00",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myContainerRegistry007",
"location": "eastus",
"loginServer": "mycontainerregistry007.azurecr.io",
"name": "myContainerRegistry007",
"provisioningState": "Succeeded",
"resourceGroup": "myResourceGroup",
"sku": {
"name": "Basic",
"tier": "Basic"
},
"status": null,
"storageAccount": null,
"tags": {},
"type": "Microsoft.ContainerRegistry/registries"
}-
Enable user and password authentication on the registry with the following command:
|
Note
|
Any authentication option that produces as a result a long-term user and password is valid. The least troublesome one follows. |
az acr update -n <registry-name> --admin-enabled true-
Retrieve credentials for accessing the registry with the following command:
az acr credential show --name <registry-name>-
<registry-url>/<namespace>/<image-name>:<tag>-
<registry-url>:<registry-name>.azurecr.io -
<namespace>/<image-name>: Freely chosen project/image-name given by the user. -
<tag>: Some alphanumeric tag which is given as identifier.
-
That is:
-
<registry-name>.azurecr.io/<namespace>/<image-name>:<tag>
-
A Google Cloud project already setup
-
Artifact Repository API enabled for the project
-
GCloud CLI installed and configured
-
Login to GCloud using
gcloud auth login. -
Create a container image repository with the following command:
gcloud artifacts repositories create <repository-name> --repository-format=docker --location=<repository-location>Sample Output
Create request issued for: [testdockerrepo]
Waiting for operation [projects/poc-cloudnative-capgemini/locations/europe-southwest1/operations/748b5502-43af-46b9-9f3
a-eb2f5bd4178c] to complete...done.
Created repository [testdockerrepo].-
Enable access to your Artifact Registry repository from your local Docker client using:
gcloud auth configure-docker <location>-docker.pkg.dev
Sample Output
Adding credentials for: europe-west9-docker.pkg.dev
After update, the following will be written to your Docker config file located at
[C:\Users\mcerverc\.docker\config.json]:
{
"credHelpers": {
"europe-west9-docker.pkg.dev": "gcloud"
}
}-
<location>-docker.pkg.dev/<project-id>/<repository>/<image-name>:<tag>-
<location>: Regional or multi-regional location of the repository. -
<project-id>: Google Cloud project ID. -
<repository>: Previously chosen repository name. -
<image-name>: Freely chosen project/image-name given by the user. -
<tag>: Some alphanumeric tag which is given as identifier.
-
This documentation is licensed under the Creative Commons License (Attribution-NoDerivatives 4.0 International).
