Follow the steps below to push an image to your org's private registry.
When configuring a workload using the UI, the list of available images stored in your private registry can be viewed by pressing Control-I.
An image can be pushed by using either Docker, the CLI, or any Docker compatible client.
Executing the command below will update the local Docker profile to use the CLI to authentication to your private registry when performing the push.
copycpln image docker-login --org ORG_NAME
The cpln profile named default
will be used by Docker when authenticating to the private registry before the pushing the image.
If a different profile is required for authentication, set the CPLN_PROFILE
environment variable to the desired profile name.
If you have an existing image, skip to step 3.
Executing the command below will containerize your application using the defined Dockerfile. The image generated will be tagged in the format required to push it to your private registry.
copydocker build -t ORG_NAME.registry.cpln.io/IMAGE[:TAG] .
NOTE: When building on a system architecture which is not amd64 (such as an M1 Mac), use the following docker command:
docker buildx build --platform=linux/amd64 -t ORG_NAME.registry.cpln.io/IMAGE[:TAG] .
Executing the command below will tag an existing local image in the format required to push it to your private registry.
Required Image Name Format: ORG_NAME.registry.cpln.io/IMAGE[:TAG]
If your image is already tagged in this format, skip to step 4.
copydocker tag SOURCE_IMAGE[:TAG] ORG_NAME.registry.cpln.io/IMAGE[:TAG]
Executing the command below will authenticate and push the image to your private registry.
copydocker push ORG_NAME.registry.cpln.io/IMAGE[:TAG]
Depending on the size of the image and its dependencies, it might take a few minutes for the push to complete.
Once an image has been successfully pushed to your org's private registry, it can be referred to by a workload's container.
When setting up a workload, the list of available images stored in your private registry can be viewed and selected by pressing Control-I.
Another method to push an image to your private registry is by using the CLI's image build command.
Executing the command below will:
Buildpacks will crawl the application code and try to generate the image. If it is unable to automatically generate the image, you will need to use option 2.
copycpln image build --name IMAGE:TAG --push --org ORG_NAME
Executing the command below is similar to option 1, but will build the image using Docker and will follow the instructions in the Dockerfile.
copycpln image build --dockerfile PATH_TO_DOCKERFILE/Dockerfile --name IMAGE:TAG --push --org ORG_NAME
In situations where the CLI cannot be used, authentication to your private registry is accomplished by using a Service Account.
Use the following parameters to authenticate using Docker or any Docker compatible client:
ORG_NAME.registry.cpln.io
'<token>'
'<token>'
(See example below).Service Account Key
The Service Account Key is a sensitive value and should be stored securely/encrypted.
If the key is compromised, it can be deleted and a new one generated.
Example using Docker
:
copyecho $SERVICE_ACCOUNT_KEY | docker login ORG_NAME.registry.cpln.io -u '<token>' --password-stdin
After successfully authenticating to your private registry, the service account will be able push images based on a defined Policy. Refer to the Image Policy reference page for instructions on how to configure the minimum policy necessary to push images.
Once an image has been successfully pushed to your org's private registry, it can be referred to by a workload's container.
When setting up a workload, the list of available images stored in your private registry can be viewed and selected by pressing Control-I.
Refer to the image build command for additional details.