Using Gradle plugin to push docker images to ECR

I am using gradle-docker-plugin to build and push docker images to Amazon's ECR. To do this I am also using a remote docker daemon running on an EC2 instance. I have configured a custom task EcrLoginTask to fetch the ECR authorization token using the aws-java-sdk-ecr library. Relevant code looks like:

class EcrLoginTask extends DefaultTask {
    String accessKey
    String secretCode
    String region
    String registryId

    @TaskAction
    String getPassword() {
        AmazonECR ecrClient = AmazonECRClient.builder()
                .withRegion(Regions.fromName(region))
                .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretCode))).build()
        GetAuthorizationTokenResult authorizationToken = ecrClient.getAuthorizationToken(
                new GetAuthorizationTokenRequest().withRegistryIds(registryId))
        String token = authorizationToken.getAuthorizationData().get(0).getAuthorizationToken()
        System.setProperty("DOCKER_PASS", token) // Will this work ?
        return token
    }

}

buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'com.amazonaws:aws-java-sdk-ecr:1.11.244'
        classpath 'com.bmuschko:gradle-docker-plugin:3.2.1'
    }
}



docker {
    url = "tcp://remote-docker-host:2375"
    registryCredentials {
        username = 'AWS'
        password = System.getProperty("DOCKER_PASS")    // Need to provide at runtime !!!
        url = 'https://123456789123.dkr.ecr.eu-west-1.amazonaws.com'
    }
}

task getECRPassword(type: EcrLoginTask) {
    accessKey AWS_KEY
    secretCode AWS_SECRET
    region AWS_REGION
    registryId '139539380579'
}

task dbuild(type: DockerBuildImage) {
    dependsOn build
    inputDir = file(".")
    tag "139539380579.dkr.ecr.eu-west-1.amazonaws.com/n6duplicator"
}

task dpush(type: DockerPushImage) {
    dependsOn dbuild, getECRPassword
    imageName "123456789123.dkr.ecr.eu-west-1.amazonaws.com/n6duplicator"
}

The remote docker connection works fine, ECR token is also fetched successfully and the dbuild task also gets executed successfully.

PROBLEM

The dpush task fails - "Could not push image: no basic auth credentials"

I believe this is because the authorization token received using the EcrLoginTask was not passed on to the password property in the docker configuration closure.

How do I fix it? I need to provide the credentials on the fly each time the build is executed.

Have a look at the 'gradle-aws-ecr-plugin'. It's able to get a fresh (latest) Amazon ECR docker registry token, during every AWS/Docker command call:

All Docker tasks such as DockerPullImage, DockerPushImage, etc. that are configured with the ECR registry URL will get a temporary ECR token. No further configuration is necessary. It is possible to set the registry URL for individual tasks.

This should work well alongside either the gradle-docker-plugin or Netflix's nebula-docker-plugin, which is also based on, and extends, the 'bmuschko' docker plugin.

The 'gradle-aws-ecr-plugin' BitBucket homepage explains concisely how to configure both the AWS and ECR [URL] credentials.
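For builds that stay on the plain gradle-docker-plugin, the following added example (not part of the original question or answer, and not code from either plugin) shows the two things the question's build has to get right: the ECR authorization token is base64 of "AWS:<password>" and must be decoded, and the credentials must be set at execution time because the docker {} block is evaluated during configuration, before any task has run. The helper name ecrCredentials is hypothetical, AWS_KEY, AWS_SECRET and AWS_REGION are the question's own properties, and the example assumes plugin 3.x exposes the mutable registryCredentials object from the docker {} block on each push task.

```groovy
// build.gradle fragment; relies on the buildscript {} and docker {} blocks from the question.
import com.amazonaws.auth.AWSStaticCredentialsProvider
import com.amazonaws.auth.BasicAWSCredentials
import com.amazonaws.regions.Regions
import com.amazonaws.services.ecr.AmazonECRClient
import com.amazonaws.services.ecr.model.GetAuthorizationTokenRequest
import com.bmuschko.gradle.docker.tasks.image.DockerPushImage

// Hypothetical helper. ECR returns base64("AWS:<password>"), so the raw token
// is not itself the registry password; it has to be decoded and split.
def ecrCredentials = { String key, String secret, String region, String registryId ->
    def client = AmazonECRClient.builder()
            .withRegion(Regions.fromName(region))
            .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(key, secret)))
            .build()
    def data = client.getAuthorizationToken(
            new GetAuthorizationTokenRequest().withRegistryIds(registryId)).authorizationData[0]
    def parts = new String(data.authorizationToken.decodeBase64(), 'UTF-8').split(':', 2)
    if (parts.length != 2) {
        throw new GradleException('Unexpected ECR authorization token format')
    }
    // proxyEndpoint is the registry URL the token is valid for.
    [username: parts[0], password: parts[1], url: data.proxyEndpoint]
}

task dpush(type: DockerPushImage) {
    dependsOn dbuild
    imageName '123456789123.dkr.ecr.eu-west-1.amazonaws.com/n6duplicator'
    // doFirst runs at execution time, immediately before the push action.
    // The docker {} block ran at configuration time, which is why
    // System.getProperty("DOCKER_PASS") was still null when it was read there.
    doFirst {
        // Registry id taken from the imageName above.
        def creds = ecrCredentials(AWS_KEY, AWS_SECRET, AWS_REGION, '123456789123')
        // Assumption: registryCredentials is the non-null object created by docker { registryCredentials { } }.
        registryCredentials.username = creds.username
        registryCredentials.password = creds.password
        registryCredentials.url = creds.url
    }
}
```

An ECR authorization token is valid for 12 hours, so one fetch per push is enough. Holding the decoded password in a local variable instead of a JVM system property keeps it out of anything else in the build that can read system properties.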
