Use the Jenkins
pull-docker-images job to promote Docker containers between Docker registries, or within the same Docker registry. The credentials required to run this job change depending on if you bootstrapped your environment using AWS or Azure. The
pull-docker-images job pulls images from a source registry into the Docker registry that was created during the bootstrap process.
Promote Docker Images on Azure
After you have bootstrapped a Kubernetes cluster in Azure, you will see the
pull-docker-images job with the following parameters:
To run this job, you must initially provide all credentials for the source Docker registry. You also have the option of providing a Docker registry secret name. We recommended that you provide all source registry credentials and a secret name on the first run of this job. This will store the credentials as a Kubernetes secret in the default namespace of your Kubernetes cluster, and then on subsequent runs to only specify the secret, which automatically retrieves the stored credentials. If you need to update the stored credentials in a secret, you can run this job with all credentials specified, including the pre-existing secret name, and the job automatically re-creates your secret with the updated credentials.
If you are transferring images on the same registry, the authentication process is the same. You must provide credentials on the first job execution.
Promoting Docker Images on AWS
After you have bootstrapped a Kubernetes cluster in AWS, you will see the
pull-docker-images job and the
authorize-aws-account-to-pull-ECR-imagesjob from the source AWS account.
Ensure that you provide the destination AWS account so that the destination account has permission to pull Docker images. If you are retagging images on the same AWS account, you do not need to run the
authorize-aws-account-to-pull-ECR-imagesjob and can proceed to the next step. The
authorize-aws-account-to-pull-ECR-imagesjob takes the following parameters:
pull-docker-imagesjob to pull the docker images.
Ensure that you have authorized the destination AWS account to pull images. In AWS, this job takes the following parameters:
The SOURCE_AWS_REGION parameter is only required if transferring images between regions.