Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for AWS ECR and GCR container registries too #9

Closed
rajiesh opened this issue May 21, 2018 · 8 comments

Comments

@rajiesh
Copy link

@rajiesh rajiesh commented May 21, 2018

Currently docker registry artifact plugin supports only basic authentication which works well with docker hub and hosted docker registries. Would be good to support Container registries provided by AWS(Elastic container registry) and GCP(Google Container Registry). Authentication methods differ for each of these registries,

https://cloud.google.com/container-registry/docs/advanced-authentication
https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth

cc @varshavaradarajan @akshaydewan @arvindsv

@ajbarry

This comment has been minimized.

Copy link

@ajbarry ajbarry commented Oct 3, 2018

I just wanted to point out that GCP/GCR does in fact work using the JSON key file authentication approach described in the documentation linked by @rajiesh

Here is an example of what my configuration looks like:
image

I've added a Custom Command Task after the build to tag the image appropriately:
docker tag my-build-image:my-build-tag gcr.io/gocd-example/my-published-image:my-published-tag
(different build/publish names are not required)

Then my build artifact would look like:
image

Hope this helps those also wondering if they need to wait for support built into the plugin.

@itsavvy-ankur

This comment has been minimized.

Copy link

@itsavvy-ankur itsavvy-ankur commented Dec 20, 2018

I have tried doing something similar but getting a "unauthorized: incorrect username or password"
The service account key file used I have tried it on other ci/cd tool to authorize against GCR , so it works.

Did you have to extract any bits from the service account key to add it as a password ? Or convert the json to a single line ?

It would be nice to have this feature implemented.

@ajbarry

This comment has been minimized.

Copy link

@ajbarry ajbarry commented Dec 20, 2018

@itsavvy-ankur I didn't do anything special to the json, just copy/pasted the file contents.

Make sure that you're using the _json_key username as that part is important.

@varshavaradarajan

This comment has been minimized.

Copy link
Member

@varshavaradarajan varshavaradarajan commented Jan 4, 2019

@rajiesh, @sheroy, @arvindsv - this plugin sort of works with ECR.

  • Executing aws ecr get-login --no-include-email in your terminal gives the docker login command which contains the registry url, username and password. Do not execute the login command. Its not necessary. The password is a token generated by aws that is valid for 12 hours.
  • From the above output, copy the registry url, username and password and set the artifact store fields.
  • Configure an external artifact to publish. Provide the image name and tag.
  • Run the job to build the docker image and tag it so that it can be pushed to ECR. The image repository must exist in ECR for the push to work. Otherwise, the job fails with name unknown: The repository with name 'non-existent' does not exist in the registry with id '...'

I don't think AWS provides any option for long lived tokens to use with CI/CD tools. Apparently, GCR does (haven't verified). Since the token is valid only for 12 hours, may be we can provide an option in the artifact store settings so that aws ecr get-login can be executed prior to doing a docker login. Unless one of you know another way to authenticate with ECR. This means that an aws client must also be provided in the plugin. I think that supporting ECR should be part of this plugin itself as one doesn't have to install multiple plugins to push to different registries. What do you think?

@arvindsv

This comment has been minimized.

Copy link
Member

@arvindsv arvindsv commented Jan 7, 2019

@ketan Might have some thoughts. I agree we should make this work easily with ECR.

@varshavaradarajan

This comment has been minimized.

Copy link
Member

@varshavaradarajan varshavaradarajan commented Apr 3, 2019

This can be closed now.

@bdpiparva

This comment has been minimized.

Copy link
Contributor

@bdpiparva bdpiparva commented Apr 4, 2019

Experimental release for the same is available here.

@bdpiparva

This comment has been minimized.

Copy link
Contributor

@bdpiparva bdpiparva commented Apr 11, 2019

@varshavaradarajan - Stable release-v1.0.1-92 with ECR support is available now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.