Promote Images Between Docker Repos
Use the Jenkins pull-docker-images
job to promote Docker containers between Docker registries, or within the same Docker registry. The credentials required to run this job change depending on if you bootstrapped your environment using AWS or Azure. The pull-docker-images
job pulls images from a source registry into the Docker registry that was created during the bootstrap process.
Promote Docker Images on Azure
After you have bootstrapped a Kubernetes cluster in Azure, you will see the pull-docker-images
job with the following parameters:
cloudOpsForKubernetesRepoURL
cloudOpsForKubernetesBranch
SOURCE_IMAGE_TAG
DEST_IMAGE_TAG
EP_IMAGE_REPOS
SOURCE_DOCKER_REGISTRY_SECRET
SOURCE_DOCKER_REGISTRY_ADDRESS
SOURCE_DOCKER_USERNAME
SOURCE_DOCKER_PASSWORD
To run this job, you must initially provide all credentials for the source Docker registry. You also have the option of providing a Docker registry secret name. We recommended that you provide all source registry credentials and a secret name on the first run of this job. This will store the credentials as a Kubernetes secret in the default namespace of your Kubernetes cluster, and then on subsequent runs to only specify the secret, which automatically retrieves the stored credentials. If you need to update the stored credentials in a secret, you can run this job with all credentials specified, including the pre-existing secret name, and the job automatically re-creates your secret with the updated credentials.
If you are transferring images on the same registry, the authentication process is the same. You must provide credentials on the first job execution.
Promoting Docker Images on AWS
After you have bootstrapped a Kubernetes cluster in AWS, you will see the pull-docker-images
job and the authorize-aws-account-to-pull-ECR-images
job.
Run the
authorize-aws-account-to-pull-ECR-images
job from the source AWS account.Ensure that you provide the destination AWS account so that the destination account has permission to pull Docker images. If you are retagging images on the same AWS account, you do not need to run the
authorize-aws-account-to-pull-ECR-images
job and can proceed to the next step. Theauthorize-aws-account-to-pull-ECR-images
job takes the following parameters:cloudOpsForKubernetesRepoURL
cloudOpsForKubernetesBranch
AWS_ACCOUNT_ID
Run the
pull-docker-images
job to pull the docker images.Ensure that you have authorized the destination AWS account to pull images. In AWS, this job takes the following parameters:
cloudOpsForKubernetesRepoURL
cloudOpsForKubernetesBranch
SOURCE_IMAGE_TAG
DEST_IMAGE_TAG
EP_IMAGE_REPOS
SOURCE_DOCKER_REGISTRY_SECRET
SOURCE_AWS_ACCOUNT_NUMBER
SOURCE_AWS_REGION
The SOURCE_AWS_REGION parameter is only required if transferring images between regions.