Push an Image
Overview
Follow the steps below to push an image to your org’s private image registry.
When configuring a workload using the UI, the list of available images stored in your private image registry can be viewed by pressing CTRL+I on your keyboard.
An image can be pushed by using either Docker, the CLI, or any Docker compatible client.
Prerequisites
- Review the image reference page.
- Minimum Policy to push an image.
- Install Docker and the CLI.
Push using Docker
Step 1 - Set up Docker authentication (Required)
Executing the command below will update the local Docker profile to use the CLI to authentication to your private registry when performing the push.
cpln image docker-login --org ORG_NAME
The cpln profile named default will be used by Docker when authenticating to the private registry before the pushing
the image. If a different profile is required for authentication, set the CPLN_PROFILE environment variable to the desired profile name.
Step 2 - Build a new image using Docker and a Dockerfile (Optional)
If you have an existing image, skip to step 3.
Executing the command below will containerize your application using the defined Dockerfile. The image generated will be tagged in the format required to push it to your private registry.
docker build -t ORG_NAME.registry.cpln.io/IMAGE[:TAG] .
When building on a system architecture which is not amd64 (such as an M1/M2 Mac), use the following docker command:
docker build --platform=linux/amd64 -t ORG_NAME.registry.cpln.io/IMAGE[:TAG] .
Step 3 - Tag an existing image (Optional)
Executing the command below will tag an existing local image in the format required to push it to your private registry.
Required Image Name Format: ORG_NAME.registry.cpln.io/IMAGE[:TAG]
If your image is already tagged in this format, skip to step 4.
docker tag SOURCE_IMAGE[:TAG] ORG_NAME.registry.cpln.io/IMAGE[:TAG]
Step 4 - Push image to your private registry
Executing the command below will authenticate and push the image to your private image registry.
docker push ORG_NAME.registry.cpln.io/IMAGE[:TAG]
Depending on the size of the image and its dependencies, it might take a few minutes for the push to complete.
Step 5 - Use image in a workload
Once an image has been successfully pushed to your org’s private image registry, it can be referred to by a workload’s container.
When setting up a workload, the list of available images stored in your private image registry can be viewed and selected by pressing CTRL+I on your keyboard.
Push using cpln
Another method to push an image to your private registry is by using the CLI’s image build command.
Option 1: Using buildpacks
Executing the command below will:
- Automatically build the image using buildpacks. No Dockerfile is required.
- Tag it with the required format.
- and push it to your private image registry.
Buildpacks will crawl the application code and try to generate the image. If it is unable to automatically generate the image, you will need to use option 2.
cpln image build --name IMAGE:TAG --push --org ORG_NAME
Option 2: Using a Dockerfile
Executing the command below is similar to option 1, but will build the image using Docker and will follow the instructions in the Dockerfile.
cpln image build --dockerfile PATH_TO_DOCKERFILE/Dockerfile --name IMAGE:TAG --push --org ORG_NAME
Authentication using a Service Account
In situations where the CLI cannot be used, authentication to your private image registry is achieved by using a Service Account.
Use the following parameters to authenticate using Docker or any Docker compatible client:
- Registry Server Hostname:
ORG_NAME.registry.cpln.io - Username:
'<token>'The username is the literal string'<token>'(See example below). - Password:
Service Account KeyRefer to the Create a Service Account guide for instructions on how to generate a new key.
The Service Account Key is a sensitive value and should be stored securely/encrypted.
If the key is compromised, it can be deleted and a new one generated.
Example using Docker
echo $SERVICE_ACCOUNT_KEY | docker login ORG_NAME.registry.cpln.io -u '<token>' --password-stdin
After successfully authenticating to your private image registry, the service account will be able push images based on a defined Policy. Refer to the Image Policy reference page for instructions on how to configure the minimum policy necessary to push images.
Next Steps
Once an image has been successfully pushed to your org’s private image registry, it can be referred to by a workload’s container.
When setting up a workload, the list of available images stored in your private image registry can be viewed and selected by pressing CTRL+I on your keyboard.
Reference
Refer to the image build command for additional details.