Promote Images Between Docker Repos
Use the Jenkins pull-docker-images job to promote Docker containers between Docker registries, or within the same Docker registry. The credentials required to run this job change depending on if you bootstrapped your environment using AWS or Azure. The pull-docker-images job pulls images from a source registry into the Docker registry that was created during the bootstrap process.
Promote Docker Images on Azure
After you have bootstrapped a Kubernetes cluster in Azure, you will see the pull-docker-images job with the following parameters:
cloudOpsForKubernetesRepoURLcloudOpsForKubernetesBranchSOURCE_IMAGE_TAGDEST_IMAGE_TAGEP_IMAGE_REPOSSOURCE_DOCKER_REGISTRY_SECRETSOURCE_DOCKER_REGISTRY_ADDRESSSOURCE_DOCKER_USERNAMESOURCE_DOCKER_PASSWORD
To run this job, you must initially provide all credentials for the source Docker registry. You also have the option of providing a Docker registry secret name. We recommended that you provide all source registry credentials and a secret name on the first run of this job. This will store the credentials as a Kubernetes secret in the default namespace of your Kubernetes cluster, and then on subsequent runs to only specify the secret, which automatically retrieves the stored credentials. If you need to update the stored credentials in a secret, you can run this job with all credentials specified, including the pre-existing secret name, and the job automatically re-creates your secret with the updated credentials.
If you are transferring images on the same registry, the authentication process is the same. You must provide credentials on the first job execution.
Promoting Docker Images on AWS
After you have bootstrapped a Kubernetes cluster in AWS, you will see the pull-docker-images job and the authorize-aws-account-to-pull-ECR-images job.
Run the
authorize-aws-account-to-pull-ECR-imagesjob from the source AWS account.Ensure that you provide the destination AWS account so that the destination account has permission to pull Docker images. If you are retagging images on the same AWS account, you do not need to run the
authorize-aws-account-to-pull-ECR-imagesjob and can proceed to the next step. Theauthorize-aws-account-to-pull-ECR-imagesjob takes the following parameters:cloudOpsForKubernetesRepoURLcloudOpsForKubernetesBranchAWS_ACCOUNT_ID
Run the
pull-docker-imagesjob to pull the docker images.Ensure that you have authorized the destination AWS account to pull images. In AWS, this job takes the following parameters:
cloudOpsForKubernetesRepoURLcloudOpsForKubernetesBranchSOURCE_IMAGE_TAGDEST_IMAGE_TAGEP_IMAGE_REPOSSOURCE_DOCKER_REGISTRY_SECRETSOURCE_AWS_ACCOUNT_NUMBERSOURCE_AWS_REGION
The SOURCE_AWS_REGION parameter is only required if transferring images between regions.