I have web application tar file. I have created docker image for the same. I will be using a private docker registry (Due to security reasons). I have written Helm charts to use the image in Kubernetes (Kept it in Private helm repo). So if anyone want to install the APP using docker image on EKS feature of AWS, what would be the best way I can package my app and give it to them ?
Basic requirement is It shouldn't be available to everyone for installation. Only the one's approved by me can install.
Thanks in advance.
You can push it to their private container registry. If they are using AWS you can use ECR. You can find more information on how to push the image here
Basically, they would need to create an IAM user/role for you to be able to push to their AWS account.
Related
Lets say I have an EKS cluster, an EC2 instance and my local machine, I can pull images from my private ECR without any issues. But when I pull a generic image like nginx, it will come from Docker Hub straight to me. Would it be possible to redirect this pull to enter my ECR first (so that it gets scanned for vulnerabilities, and maybe even for caching purposes perhaps) and then from my ECR to where I pulled from?
If this is not possible, what would be a good alternative?
AWS container team person here. Can you clarify one thing? Would you be ok to point your manifests to ECR (acting as a hub/cache for external registries) or do you want to keep your manifests pointing to DockerHub but somewhat transparently go through ECR for caching? I am asking because we are working on the former scenario.
You can subscribe here to see the progress and leave comments.
It is not possible to redirect your request to pull generic image to ECR and then to Docker Hub.
I understand your concern to pull images from Docker Hub directly. So what you can do what we have done in our projects is:
pull generic image from Docker Hub for one time
Using that image, build your own image with any customisations you may require or not.
Publish the newly created image to your ECR repo.
Going forward use your only ECR repo to pull that image.
In this way, you will have full control on the image you have. Also, it would be more secure to pull it from your ECR repo rather then again and again using Docker Hub. Also, you can do any customisation you want.
Can anyone please share Docker file or repository that creates an image on which Cloud Storage plugin is already installed? Nexus plugin to write data into Cloud Storage?
you can pull the images using docker
docker pull gcr.io/google.com/cloudsdktool/cloud-sdk:latest
check this github repo to find more information
Is there any way to load containers stored in docker hub registry in Amazon Sagemaker.
According to some documentation, it should be possible, but I have not been able to find any relevan example or guide for it.
While you can use any registry when working with Docker on a SageMaker notebook, as of this writing other SageMaker components presently only support images from Amazon ECR repositories.
As AWS CodeBuild provides "Docker" curated images (http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html),
I'd like to reuse one of those to build my custom CodeBuild Image (http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker-custom-image.html).
I don't know the CodeBuild Registry Url.
How to reference those images (FROM) ?
I could rebuild myself the image I need (https://github.com/aws/aws-codebuild-docker-images) and host it in a private ECR but it's wasting time and storage.
CodeBuild's internal Docker repository used for Curated Images is not publicly accessible. You should build your own base image from the official Dockerfiles.
The AWS CodeBuild provides also a console where you can use these images. I think they use Amazon EC2 Repository to provide these internally, like the one you can use. but there isn't a public registry (or I already haven't found).
You can find these images to create Docker machines using the build spec defined by Amazon
http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html
I found this public image but is not official:
https://hub.docker.com/r/sandorzelei/aws-codebuild/
So you can use it as follows:
FROM sandorzelei/aws-codebuild
I am trying to setup a new springboot+docker(microservices) based project. The deployment is targeted on aws. Every service has a Dockerfile associated with it. I am thinking of using amazon container service for deployment, but as far as I see it only pulls images from docker hub. I don't want ECS to pull from docker-hub, rather build the images from docker file and then take over the deploying those containers.Is it possible to do? If yes how.
This is not possible yet with the Amazon EC2 Container Service (ECS) alone - while ECS meanwhile supports private registries (see also the introductory blog post), it doesn't yet offer an image build service (as usual, AWS is expected to add such notable additional features over time, see e.g. the Feature Request: ECS container dream service for more on this).
However, it can already be achieved with AWS Elastic Beanstalk's built in initial support for Single Container Docker Configurations:
Docker uses a Dockerfile to create a Docker image that contains your source bundle. [...] Dockerfile is a plain text file that contains instructions that Elastic Beanstalk uses to build a customized Docker image on each Amazon EC2 instance in your Elastic Beanstalk environment. Create a Dockerfile when you do not already have an existing image hosted in a repository. [emphasis mine]
In an ironic twist, Elastic Beanstalk has now added Multicontainer Docker Environments based on ECS, but this highly desired more versatile Docker deployment option doesn't offer the ability to build images in turn:
Building custom images during deployment with a Dockerfile is not supported by the multicontainer Docker platform on Elastic Beanstalk. Build your images and deploy them to an online repository before creating an Elastic Beanstalk environment. [emphasis mine]
As mentioned above, I would expect this to be added to ECS in a not too distant future due to AWS' well known agility (see e.g. the most recent ECS updates), but they usually don't commit to roadmap details, so it is hard to estimate how long we need to wait on this one.
Meanwhile Amazon has introduced EC2 Container Registry https://aws.amazon.com/ecr/
It is a private docker repository if you do not like docker hub. Nicely integrated with the ECS service.
However it does not build your docker images, so it does not solve the entire problem.
I use a bamboo server for building images (the source is in git repositories in bitbucket). Bamboo pushes the images to Amazons container registry.
I am hoping the Bitbucket Pipelines will make the process more smooth with less configuration of build servers. From the videos I have seen all your build configuration sits right in your repository. It is still in a closed beta so I guess we will have to wait a bit more to see what it ends up being.