Get the Latest Uploaded Image on AWS ECR Using Boto
Background
In this post I am going to share a bash script that I use to build a Docker container image from a Dockerfile and then upload the built image to Amazon Elastic Container Registry (ECR).
Getting a container image up to ECR is an important first step before you can use that image in ECS/EKS or even on a standalone EC2 server with docker or docker-compose.
The script I share here is a stripped-down version of what I use. Readers should develop the script further to suit their needs and add error handling and error notification.
If you follow the script, you can create an Elastic Container Registry repository, build a Docker image and push it up to ECR.
Note
At the end, please remember to delete the resources you create. Depending on your usage, you could incur charges on your account.
Requirements
To follow along you will need a few tools and utilities. In my case, I used my Ubuntu Desktop to set up the demonstration.
- A Linux environment.
- In my environment I have already configured an AWS profile called 'automation'. You can either create a profile manually or run aws configure to set up your access information.
- I set these environment variables to use my AWS credentials:
  - export AWS_DEFAULT_PROFILE=automation
  - export AWS_DEFAULT_REGION=us-east-1
- Install AWS CLI Version 2 in your environment. I am using the newer syntax for ECR login as specified here.
- jq to help parse some output from the AWS CLI.
- Docker Community Edition.
The versions are listed below.
I am running docker as a non-root user; if you need help setting that up, follow the instructions from here.

    docker --version
    Docker version 19.03.8, build afacb8b7f0

    aws --version
    aws-cli/2.0.16 Python/3.7.3 Linux/5.4.0-31-generic botocore/2.0.0dev20

    jq --version
    jq-1.6

Script
The sample code consists of three files.
- A bash script which is used to put all things together.
  - This script will create an ECR repository for you if it does not exist.
  - Set up a lifecycle policy for your images.
  - Build a docker image.
  - Tag the image.
  - Push it up to Amazon ECR.
- A lifecycle policy to manage your untagged images.
- A Dockerfile to build an image locally.
Let us do a quick review of the files.
The Dockerfile used is a typical example for a base nginx. I used it for demo purposes; you will probably have something more appropriate for your application.
The lifecycle policy is attached to the ECR repository to help manage the number of versions to keep. As you build newer versions and they change, the ECR repository will end up with untagged versions that are no longer being referenced.
The policy ensures that you do not have more than four images without a tag.
Consider this example:
- You build an image and push it up to ECR as mynginx:latest.
- You make a change to the Dockerfile and push a new mynginx:latest.
- Now you will have one image which will be untagged.
- Assume a newer nginx image is pulled and you rebuild and push to Amazon ECR.
- Now you will have two images which will be untagged.
- Over time, as newer versions are built and pushed, you will end up with images that are not being referenced, but still occupy space.
- The lifecycle policy ensures that you do not end up with a large number of untagged images. It helps keep your cost down.
The bash script is designed to be run from any Linux environment and can be used to push images to any AWS Region. For this reason, I have not set region information in the script.
The script expects the AWS Region, the name of the repository to create and the tag to be used to identify the docker image.
The script expects the Dockerfile to be in a folder <base folder>/build-images/<repo-name>/Dockerfile. <base folder> is where the bash script and lifecycle policy reside.
Lines 14 through 23 check if the repository already exists. If it doesn't, a repository is created and the lifecycle policy is attached to it.
Line 32 extracts the registry information from the repository. This is used later to log in to Amazon ECR.
Line 35 shows the login command for Amazon ECR. This will give us access to push an image up to ECR.
The rest of the script deals with building the docker image, tagging it and pushing it up to Amazon ECR.
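The flow described in this section, as an added example. It is not the author's script, so its line numbers do not match the ones cited above; the file name lifecycle-policy.json, the function names and the use of the CLI's --query option in place of jq are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the author's script. lifecycle-policy.json and the
# function names are assumed; --query replaces the jq step from the post.
set -eu

# The registry host is the repository URI up to the first "/".
registry_of() { printf '%s\n' "${1%%/*}"; }

# Print the repository URI. Create the repository and attach the lifecycle
# policy only when describe-repositories fails (repository not found).
ensure_repo() {
  local region="$1" repo="$2" policy="$3" uri
  if ! uri=$(aws ecr describe-repositories --region "$region" \
      --repository-names "$repo" \
      --query 'repositories[0].repositoryUri' --output text 2>/dev/null); then
    # Other failures (for example bad credentials) land here too; the
    # create call then fails as well and the function returns non-zero.
    uri=$(aws ecr create-repository --region "$region" \
      --repository-name "$repo" \
      --query 'repository.repositoryUri' --output text) || return 1
    aws ecr put-lifecycle-policy --region "$region" \
      --repository-name "$repo" \
      --lifecycle-policy-text "file://$policy" >/dev/null || return 1
  fi
  printf '%s\n' "$uri"
}

main() {
  local region="$1" repo="$2" tag="$3" base uri token
  base=$(cd "$(dirname "$0")" && pwd)
  uri=$(ensure_repo "$region" "$repo" "$base/lifecycle-policy.json")
  # Fetch the token first so a failed request aborts under set -e, then feed
  # it to docker on stdin so it never appears in a process argument list.
  token=$(aws ecr get-login-password --region "$region")
  printf '%s' "$token" | docker login --username AWS --password-stdin \
    "$(registry_of "$uri")"
  docker build -t "$repo:$tag" "$base/build-images/$repo"
  docker tag "$repo:$tag" "$uri:$tag"
  docker push "$uri:$tag"
}

# Run only when called as: ecr-repo.sh <region> <repo-name> <tag>
if [ "$#" -eq 3 ]; then main "$@"; fi
```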
Testing
The following shows the command I used to create the mynginx image and tag it as latest, to be pushed up to the repository in the us-east-1 region.
If you are using any other region, you can substitute the correct region and run it accordingly.
If you plan on using this image in more than one region it is better to run the command for each of the regions, so the image is available in the region where you need it.

    ./ecr-repo.sh us-east-1 mynginx latest
    {
        "registryId": "XXXXXXXXXXX",
        "repositoryName": "mynginx",
        "lifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"description\":\"Expire untagged and count more than 4\",\"selection\":{\"tagStatus\":\"untagged\",\"countType\":\"imageCountMoreThan\",\"countNumber\":4},\"action\":{\"type\":\"expire\"}}]}"
    }
    XXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/mynginx
    XXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com
    WARNING! Your password will be stored unencrypted in /home/sbali/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    Login Succeeded
    Sending build context to Docker daemon 2.048kB
    Step 1/3 : FROM nginx:latest
     ---> 9beeba249f3e
    Step 2/3 : EXPOSE 80
     ---> Using cache
     ---> 96a66c2ff55b
    Step 3/3 : CMD ["nginx", "-g", "daemon off;"]
     ---> Using cache
     ---> 03027a2872bf
    Successfully built 03027a2872bf
    Successfully tagged mynginx:latest
    The push refers to repository [XXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/mynginx]
    6c7de695ede3: Pushed
    2f4accd375d9: Pushed
    ffc9b21953f4: Pushed
    latest: digest: sha256:3cade80a3f755517dfe6ad6d41b417fda900db0a3422ec73ebb3618a0958418d size: 948

As you can see from the output above, the script created a new repository in Amazon ECR, built a docker image with identifier mynginx:latest and then pushed it to the repository available in your account.
If you navigate to the AWS console in a browser and look at the ECR repository, you should see the image you just created.
Next, I deleted all the local images on my desktop, did a fresh login to the ECR registry and ran the command shown below to see if I could pull the image from ECR and run it.
Note: I deleted the local images using docker rmi and did a fresh login to AWS ECR before trying to run a container.

    docker rmi <local image>
    export AWS_DEFAULT_REGION=us-east-1
    export AWS_DEFAULT_PROFILE=automation
    aws ecr get-login-password | docker login --username AWS --password-stdin xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com

    docker run --name mynginx --rm -p 8080:80 -d XXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/mynginx:latest
    Unable to find image 'XXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/mynginx:latest' locally
    latest: Pulling from mynginx
    afb6ec6fdc1c: Pull complete
    b90c53a0b692: Pull complete
    11fa52a0fdc0: Pull complete
    Digest: sha256:3cade80a3f755517dfe6ad6d41b417fda900db0a3422ecxxxxxxxxxxxxxxxxxxx
    Status: Downloaded newer image for XXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/mynginx:latest
    0dc646973c20451abb3371227cc1370810d72d74860xxxxxxxxxxxxxxxxxxx

    docker ps
    CONTAINER ID   IMAGE                                                        COMMAND                  CREATED          STATUS          PORTS                  NAMES
    0dc646973c20   XXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/mynginx:latest   "nginx -g 'daemon of…"   14 seconds ago   Up 12 seconds   0.0.0.0:8080->80/tcp   mynginx

The captured output above shows that no image was found locally; it was pulled down from ECR and used to start an Nginx container.
Summary
This demonstrates how easy it is to set up a build and push an image to ECR using the AWS CLI and a simple shell script.
You can easily adapt and modify the sample script to handle multiple regions and even run it in a Jenkins pipeline.
In fact, I have a Jenkins project for all of my images that uses a similar script to continuously build and upload images to Amazon ECR.
Please remember to remove any resources you created to avoid incurring charges in your account.
Let me know if you have any questions or need help with this by commenting below.
Further Reading
- More information on Docker.
- More information on Amazon ECR.
- AWS IAM
Photo Credit
Thanks to frank mckenna for sharing their work on Unsplash.
Source: https://blog.skbali.com/2020/05/build-and-push-docker-image-to-amazon-ecr/