AWS: create an Elastic Container Registry and Jenkins deploy job

By | 09/23/2019
 

The task is to create an AWS ECR repository and add a Jenkins job to build and deploy Docker images to this repository.

See the next part – Jenkins: Docker Compose deployment from Ansible with ECR authentication.

AWS ECR

Go to the ECR, click Get Started, set a new repository name:

Leave Mutable, so you’ll be able to push images with the same tag if it is already present in the repository:

Done:

IAM

Go to the IAM, create an additional user:

Attach the AmazonEC2ContainerRegistryFullAccess policy:
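A narrower alternative to the managed FullAccess policy, as an added example that is not part of the original post: a customer-managed policy that lets this user only authenticate and push to the two repositories used on this page. `<ACCOUNT_ID>` is a placeholder for the masked account ID, and the `Sid` names are arbitrary.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetAuthToken",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "PushToNamedRepositories",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage"
      ],
      "Resource": [
        "arn:aws:ecr:us-east-2:<ACCOUNT_ID>:repository/test",
        "arn:aws:ecr:us-east-2:<ACCOUNT_ID>:repository/bttrm-receipt-consumer"
      ]
    }
  ]
}
```

`ecr:GetAuthorizationToken` does not support resource-level restrictions, which is why it sits in its own statement with `"Resource": "*"`; the repository must already exist, since this policy does not grant `ecr:CreateRepository`.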

Save the user's access keys:

Configure AWS CLI profile:

[simterm]

$ aws configure --profile bttrm-backend-ecr
AWS Access Key ID [None]: AKI***6EZ
AWS Secret Access Key [None]: PpN***GNr
Default region name [None]: us-east-2
Default output format [None]: json

[/simterm]

Get access token:

[simterm]

$ aws --profile bttrm-backend-ecr ecr get-login --no-include-email --region us-east-2
docker login -u AWS -p eyJ***M30= https://534***385.dkr.ecr.us-east-2.amazonaws.com

[/simterm]

Log in:

[simterm]

$ docker login -u AWS -p eyJ***M30= https://534***385.dkr.ecr.us-east-2.amazonaws.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /home/setevoy/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[/simterm]

Find any existing Docker image on your workstation:

[simterm]

$ docker images | grep nginx
nginx                               alpine              031c45582fce        5 months ago        16.1MB
nginx                               latest              06144b287844        12 months ago       109MB

[/simterm]

Tag it with the new repository URL and name:

[simterm]

$ docker tag nginx:latest 534***385.dkr.ecr.us-east-2.amazonaws.com/test:latest

[/simterm]

Push this image:

[simterm]

$ docker push 534***385.dkr.ecr.us-east-2.amazonaws.com/test:latest
The push refers to repository [534***385.dkr.ecr.us-east-2.amazonaws.com/test]
579c75bb43c0: Pushed 
67d3ae5dfa34: Pushed 
8b15606a9e3e: Pushed 
latest: digest: sha256:c0b69559d28fb325a64c6c8f47d14c26b95aa047312b29c699da10380e90b4d7 size: 948

[/simterm]

Okay – everything works here.

Jenkins

The next step will be to create a Jenkins job to build and push images.

Amazon ECR authentication

For ECR authentication, you need to execute the AWS CLI aws ecr get-login command to get a token that is then used during docker login.

To avoid calling aws ecr get-login each time, the Amazon ECR plugin can be used here.

Install it:

Add new credentials – go to Credentials – Add credentials, choose the AWS Credentials type:

Create a new Pipeline-job:

And script:

node {
    def app

    stage('Clone repository') {
        git branch: "master", url: "[email protected]:example-dev/go-queue-consumer.git", credentialsId: "jenkins-example-github"
    }

    stage('Build image') {
        sh "docker build --build-arg APP_NAME=receipts -t 534***385.dkr.ecr.us-east-2.amazonaws.com/bttrm-receipt-consumer:latest -f docker/prod/Dockerfile ."
    }

    stage('Push image') {
        docker.withRegistry('https://534***385.dkr.ecr.us-east-2.amazonaws.com', 'ecr:us-east-2:bttrm-backend-ecr') {
            sh "docker push 534***385.dkr.ecr.us-east-2.amazonaws.com/bttrm-receipt-consumer:latest"
        }
    }
}

In 'ecr:us-east-2:bttrm-backend-ecr' we specify that we are looking for ECR access in the us-east-2 region, using the Jenkins credentials ID bttrm-backend-ecr.

Run the build:

Done.