Promote Images Between Docker Repositories
A common workflow is to build Self Managed Commerce Docker container images in one AWS account and later pull those images into another AWS account. For example, you can build and test Self Managed Commerce container images in a non-production account, and then promote those container images to a production account. CloudOps for Kubernetes provides two Jenkins jobs to support such use cases. To use the CloudOps for Kubernetes solution, both accounts must be bootstrapped with CloudOps for Kubernetes.
Overview
The high level workflow is:
- Run the
authorize-aws-account-to-pull-ECR-imagesJenkins job at least once in the source account to authorize the destination AWS account to access the container images. - Run the
pull-docker-imagesJenkins job in the destination account as needed to pull images from the source account.
Detailed Usage
After you have bootstrapped a Kubernetes cluster in AWS, you will see the pull-docker-images job and the authorize-aws-account-to-pull-ECR-images job.
Run the
authorize-aws-account-to-pull-ECR-imagesjob in the source AWS account.Ensure that you provide the destination AWS account so that the destination account has permission to pull container images. If you are retagging images on the same AWS account, you do not need to run the
authorize-aws-account-to-pull-ECR-imagesjob and can proceed to the next step. Theauthorize-aws-account-to-pull-ECR-imagesjob takes the following parameters:cloudOpsForKubernetesRepoURLcloudOpsForKubernetesBranchAWS_ACCOUNT_ID
Run the
pull-docker-imagesjob in the destination account to pull the container images.Ensure that you have previously authorized the destination AWS account to pull images. In AWS, this job takes the following parameters:
cloudOpsForKubernetesRepoURLcloudOpsForKubernetesBranchSOURCE_IMAGE_TAGDEST_IMAGE_TAGEP_IMAGE_REPOSSOURCE_DOCKER_REGISTRY_SECRETSOURCE_AWS_ACCOUNT_NUMBERSOURCE_AWS_REGION
The SOURCE_AWS_REGION parameter is only required if transferring images between regions.