Continuous Integration & Deployment | Using a Jenkins Pipeline to deploy an image to AWS Elastic Container Registry (ECR)

Continuous Integration & Deployment | Using a Jenkins Pipeline to deploy an image to AWS Elastic Container Registry (ECR)

Nosa Ugowe Nosa Ugowe

Nosa Ugowe

Platform Engineering

发布日期: 2020年12月15日
+ 关注

Security within Immutable Objects and its components is a big topic these days. Organizations are looking at ways of securing their Image Repositories especially those that are Production bound.

One way of doing this is to find a secure and seamless method of transferring such Artifacts from public locations like Docker hub to that of a Provider like AWS. It is from this "Safe Space" that due process could be carried out to doubly ensure the integrity of the Image Artifact.

AWS has a managed service that takes care of the Build & Deploy of Image Artifacts. The benefit of this is that it gets to take care of the Heavy lifting in terms of Support and Maintenance. There is nothing worse than deploying an Application and having to baby sit it all the time.

This Article illustrates how to use a Jenkins Pipeline to Pull, Build and Deploy a Docker Image from Docker Hub to AWS's ECR.

PREREQUISITES

1) A Functional and Configured Jenkins Server

2) Docker

3) A Kubernetes Cluster running ( I am using MicroK8s in this example)

4) AN AWS IAM User Account (With the necessary permissions)

5) A Configured AWS Container Registry. ( I named mine Jenkins Pipeline)

STEP1: CREATE A JENKINS PIPELINE

No alt text provided for this image

STEP 2: VERIFY OUR ALREADY RUN DOCKER IMAGES

No alt text provided for this image

STEP 3: RUN OUR PIPELINE

No alt text provided for this image

SUCCESS!!!

STEP 4: VIEWING OUR LOGS

No alt text provided for this image

From our logs, our Two Stage Pipeline appears to have been successful.

STEP 5 : Viewing our Image Artifact in AWS's ECR

No alt text provided for this image

Our Image Artifact has successfully been rendered in to AWS's ECR! This is at this stage we can then run security tests on this Image ensuring that it meets expectations for Production Deployments.

VIEWING OUR PIPELINE CONFIG

node{
    
    
    
    stage('IMAGE PULL'){
        sh 'docker pull nosaugowe/arsenaljenkins'
        
        
        
    }
    
    stage("DEPLOYMENT TO AWS ECR"){
        withAWS(credentials: 'AWS_ECR', endpointUrl: 'https://948612111153.dkr.ecr.us-east-1.amazonaws.com', externalId: '948612111153', principalArn: 'arn:aws:iam::948612111153:user/ekstest', region: 'us-east-1') {
         sh ''' eval $(aws ecr get-login --no-include-email | sed \'s|https://||\')
'''      
         sh 'docker tag nosaugowe/arsenaljenkins 948612111153.dkr.ecr.us-east-1.amazonaws.com/jenkinspipeline'
         sh 'docker push 948612111153.dkr.ecr.us-east-1.amazonaws.com/jenkinspipeline'
}
    }
        
        
    

}

IN SUMMARY:

We used this Jenkins Pipeline to PULL, BUILD AND TRANSFER a Docker Image Artifact to AWS's ECR.

NEXT:

We will try to use Ansible to create a Service of this Image Artifact.

No alt text provided for this image


要查看或添加评论,请登录

Nosa Ugowe的更多文章

社区洞察

其他会员也浏览了