Push an Image

Overview

Follow the steps below to push an image to your org's private registry.

When configuring a workload using the UI, the list of available images stored in your private registry can be viewed by pressing Control-I.

An image can be pushed by using either Docker, the CLI, or any Docker compatible client.

Prerequisites

Push using Docker

Step 1 - Set up Docker authentication (Required)

Executing the command below will update the local Docker profile to use the CLI to authentication to your private registry when performing the push.

copy
cpln image docker-login --org ORG_NAME
TIP

The cpln profile named default will be used by Docker when authenticating to the private registry before the pushing the image. If a different profile is required for authentication, set the CPLN_PROFILE environment variable to the desired profile name.

Step 2 - Build a new image using Docker and a Dockerfile (Optional)

If you have an existing image, skip to step 3.

Executing the command below will containerize your application using the defined Dockerfile. The image generated will be tagged in the format required to push it to your private registry.

copy
docker build -t ORG_NAME.registry.cpln.io/IMAGE[:TAG] .
TIP

NOTE: When building on a system architecture which is not amd64 (such as an M1 Mac), use the following docker command:

docker buildx build --platform=linux/amd64 -t ORG_NAME.registry.cpln.io/IMAGE[:TAG] .

Step 3 - Tag an existing image (Optional)

Executing the command below will tag an existing local image in the format required to push it to your private registry.

Required Image Name Format: ORG_NAME.registry.cpln.io/IMAGE[:TAG]

If your image is already tagged in this format, skip to step 4.

copy
docker tag SOURCE_IMAGE[:TAG] ORG_NAME.registry.cpln.io/IMAGE[:TAG]

Step 4 - Push image to your private registry

Executing the command below will authenticate and push the image to your private registry.

copy
docker push ORG_NAME.registry.cpln.io/IMAGE[:TAG]

Depending on the size of the image and its dependencies, it might take a few minutes for the push to complete.

Step 5 - Use image in a workload

Once an image has been successfully pushed to your org's private registry, it can be referred to by a workload's container.

When setting up a workload, the list of available images stored in your private registry can be viewed and selected by pressing Control-I.

Push using cpln

Another method to push an image to your private registry is by using the CLI's image build command.

Option 1: Using buildpacks

Executing the command below will:

  • Automatically build the image using buildpacks. No Dockerfile is required.
  • Tag it with the required format
  • and push it to your private registry

Buildpacks will crawl the application code and try to generate the image. If it is unable to automatically generate the image, you will need to use option 2.

copy
cpln image build --name IMAGE:TAG --push --org ORG_NAME

Option 2: Using a Dockerfile

Executing the command below is similar to option 1, but will build the image using Docker and will follow the instructions in the Dockerfile.

copy
cpln image build --dockerfile PATH_TO_DOCKERFILE/Dockerfile --name IMAGE:TAG --push --org ORG_NAME

Authentication using a Service Account

In situations where the CLI cannot be used, authentication to your private registry is accomplished by using a Service Account.

Use the following parameters to authenticate using Docker or any Docker compatible client:

  • Registry Server Hostname: ORG_NAME.registry.cpln.io
  • Username: '<token>'
    • NOTE: The username is the literal string '<token>' (See example below).
  • Password: Service Account Key
TIP

The Service Account Key is a sensitive value and should be stored securely/encrypted.

If the key is compromised, it can be deleted and a new one generated.

Example using Docker:

copy
docker login ORG_NAME.registry.cpln.io -u '<token>' -p SERVICE_ACCOUNT_KEY

After successfully authenticating to your private registry, the service account will be able push images based on a defined Policy. Refer to the Image Policy reference page for instructions on how to configure the minimum policy necessary to push images.

Next Steps

Once an image has been successfully pushed to your org's private registry, it can be referred to by a workload's container.

When setting up a workload, the list of available images stored in your private registry can be viewed and selected by pressing Control-I.

Reference

Refer to the image build command for additional details.

Copyright © 2022 Control Plane Corporation. All rights reserved. Revision ca7f7cfc
Contents