Promote Images Between Docker Repositories
A common workflow is to build Self Managed Commerce Docker container images in one AWS account and later pull those images into another AWS account. For example, you can build and test Self Managed Commerce Docker images in a non-production account, and then promote those Docker images to a production account. CloudOps for Kubernetes provides two Jenkins jobs to support such use cases. To use the CloudOps for Kubernetes solution, both accounts must be bootstrapped with CloudOps for Kubernetes.
Overview
The high level workflow is:
- Run the
authorize-aws-account-to-pull-ECR-images
Jenkins job at least once in the source account to authorize the destination AWS account to access the Docker images. - Run the
pull-docker-images
Jenkins job in the destination account as needed to pull images from the source account.
Detailed Usage
After you have bootstrapped a Kubernetes cluster in AWS, you will see the pull-docker-images
job and the authorize-aws-account-to-pull-ECR-images
job.
Run the
authorize-aws-account-to-pull-ECR-images
job in the source AWS account.Ensure that you provide the destination AWS account so that the destination account has permission to pull Docker images. If you are retagging images on the same AWS account, you do not need to run the
authorize-aws-account-to-pull-ECR-images
job and can proceed to the next step. Theauthorize-aws-account-to-pull-ECR-images
job takes the following parameters:cloudOpsForKubernetesRepoURL
cloudOpsForKubernetesBranch
AWS_ACCOUNT_ID
Run the
pull-docker-images
job in the destination account to pull the docker images.Ensure that you have previously authorized the destination AWS account to pull images. In AWS, this job takes the following parameters:
cloudOpsForKubernetesRepoURL
cloudOpsForKubernetesBranch
SOURCE_IMAGE_TAG
DEST_IMAGE_TAG
EP_IMAGE_REPOS
SOURCE_DOCKER_REGISTRY_SECRET
SOURCE_AWS_ACCOUNT_NUMBER
SOURCE_AWS_REGION
The SOURCE_AWS_REGION parameter is only required if transferring images between regions.