Push container to CSP
Summary
This guide will help you build a Docker container with Packer, push the metadata to HCP Packer as well as push the container to various CSP container repositories.
Note
The following examples include both CLI and Terraform examples. Choose whichever one suits your purposes.Prerequisites
- Prerequisites from Introduction
- The AWS CLI is used for provisioning infrastructure as well as providing login credentials for Terraform.
- Install AWS CLI(opens in new tab)
- Login to AWS CLI(opens in new tab)
Step 1a: Create repository (AWS CLI)
Using the AWS CLI, create an ECR with the following script:
<repository-name>
represents the name of the container image
aws ecr create-repository --repository-name <repository-name>
- Capture the
repositoryUri
value from the output.- This will be the Docker Tag you apply to images you wish to send to AWS ECR.
- During a container push, your local AWS credentials will be used for authorization.
Step 1b: Create repository (Terraform)
Related terraform resources
- aws_ecr_repository(opens in new tab)
The following HCL code can be used to deploy an AWS Container Repository.
resource "aws_ecr_repository" "demo" {
name = "<repository-name>"
image_tag_mutability = "IMMUTABLE"
image_scanning_configuration {
scan_on_push = true
}
}
output “repository_url” {
Value = aws_ecr_repository.demo.repository_url
}
- Capture the
repository_url
value from the output- This will be the Docker Tag you apply to images you wish to send to AWS ECR.
- During a container push, your local AWS credentials will be used for authorization.
Step 2: Push container to registry (AWS CLI)
- Locate your HCP service principal credentials you created in the Introduction Prerequisites.
- Assign the values to the environment variables are the top of the script.
- Replace
<region>
with the region you deployed your Repository into. - Replace
<aws-account-number>
with the account number you deployed your Repository into. - Replace
<repository-name>
with the name of the Repository you created. - Switch to the directory that contains your Packer templates and run the following:
## Add Packer credentials to the session
export HCP_CLIENT_ID=<client-id-from-hcp>
export HCP_CLIENT_SECRET=<client-secret-from-hcp>
## Build the container (replace filename with your template filename)
packer build docker-debian-aws.pkr.hcl
## Login to ECR via AWS CLI
aws ecr get-login-password --region <region> | \
docker login --username AWS --password-stdin <aws-account-number>.dkr.ecr.<region>.amazonaws.com
## Push the container to ECR
docker push <aws-account-number>.dkr.ecr.<region>.amazonaws.com/<repository-name>:latest
The image should be pushed into the AWS Repository, and is now available to be consumed by services with permission to pull it(opens in new tab).