- Requirements
- Push a Docker Image from a Registry
To install the AWS CLI, see Installing, updating, and uninstalling the AWS CLI in the AWS Command Line Interface User Guide. Docker Desktop The following instructions use Docker CLI commands to create the container image. A Docker image has been built with aws-azure-login preinstalled. You simply need to run the command with a volume mounted to your AWS configuration directory. Docker run -rm -it -v /.aws:/root/.aws sportradar/aws-azure-login The Docker image is configured with an entrypoint so you can just feed any arguments in at the end.
Page last updated:
- A useful aspect about the new functionality in the Docker CLI is the docker compose convert command. Not only docker can up a compose file into an AWS stack but it also allows to inspect the intermediate CloudFormation template it generates. This could be useful, for example, in those cases where the developer isn’t directly responsible for.
- The Amazon ECS CLI; A Docker Hub account with a private repository; Push an image to a private Docker Hub repository (optional): If you want to follow the specific configurations of this post, you can pull the official Docker build for NGINX, tag the image.
This topic describes how to use the Cloud Foundry Command Line Interface (cf CLI) to push an app with a new or updated Docker image. Cloud Foundry (CF) then uses the Docker image to create containers for the app.
For an explanation of how Docker works in Cloud Foundry, see Using Docker in Cloud Foundry.
Add Aws Cli To Docker Image Example
Requirements
To push apps with Docker, you need:
A CF deployment that has Docker support enabled. To enable Docker support, see the Enable Docker section of the Using Docker in Cloud Foundry topic.
A Docker image that meets the following requirements:
- The Docker image must contain an
/etc/passwd
file with an entry for theroot
user. In addition, the home directory and the shell for thatroot
user must be present in the image file system. - The total size of the Docker image file system layers must not exceed the disk quota for the app. The maximum disk allocation for apps is set by the Cloud Controller. The default maximum disk quota is 2048 MB per app.
Note: If the total size of the Docker image file system layers exceeds the disk quota, the app instances do not start.
- The Docker image must contain an
The location of the Docker image on Docker Hub or another Docker registry.
A registry that supports the Docker Registry HTTP API V2 and presents a valid certificate for HTTPS traffic. For more information, see the Docker Registry HTTP API V2 spec in the Docker documentation.
Requirement for cf ssh Support
If you want to log in to your app container using the cf ssh
command, you must make a shell such as sh
or bash
available in the container.
The SSH server in the container looks for the following executables in absolute locations or the PATH
environment variable:
/bin/bash
/usr/local/bin/bash
/bin/sh
bash
sh
Benefits of Specifying Tags
If you want your app container to be consistent after platform updates and code changes, specify a tag when you push your Docker image. Otherwise, the platform applies the latest
tag without respecting changes to PORT
or ENTRYPOINT
.
If you push your Docker image without specifying a tag, you must run cf restage
for the changes to take effect.
Port Configuration
By default, apps listen for connections on the port specified in the PORT
environment variable for the app. CF allocates this value dynamically.
When configuring a Docker image for CF, you can control the exposed port and the corresponding value of PORT
by specifying the EXPOSE
directive in the image Dockerfile. If you specify the EXPOSE
directive, then the corresponding app pushed to CF listens on that exposed port. For example, if you set EXPOSE
to 7070
, then the app listens for connections on port 7070.
If you do not specify a port in the EXPOSE
directive, then the app listens on the value of the PORT
environment variable as determined by CF.
If you set the PORT
environment variable via an ENV
directive in a Dockerfile, CF overrides the value with the system-determined value.
CF supports only one exposed port on the image.
For more information about the PORT
environment variable, see the PORT section of the CF Environment Variables topic. For more information about the EXPOSE
directive, see the EXPOSE section of the Dockerfile reference topic in the Docker documentation.
Start Command
By default, Docker uses the start command specified in the Docker image. You can override the start command either by using a command-line parameter or by specifying it in a manifest file.
For more information about command-line parameters for docker start
, see docker start in the Docker Documentation.
Push a Docker Image from a Registry
CF supports pushing apps from container registries such as Docker Hub, Google Container Registry (GCR), and Amazon Elastic Container Registry (ECR).
How you run cf push
with apps stored in container registries depends on which registry you use and how it authenticates requests for the container image.
The sections below explain how to push apps under different container registry scenarios.
Docker Hub
To deploy a Docker image from a Docker Hub repository, run:
Where:
APP-NAME
is the name to give the pushed app on CF.REPO
is the name of the repository where the image is stored.IMAGE
is the name of the app image on Docker Hub.(Optional, but recommended)
TAG
is the tag or version for the image.
For example, the following command pushes the your-image
image from Docker Hub to a CF app:
Private Container Registry without Authentication
Add Aws Cli To Docker Image Download
As an alternative to Docker Hub, you can use any Docker image registry that presents a valid certificate for HTTPS traffic, such as a company-internal Docker registry.
To push an app as a Docker image using a specified Docker registry, run:
Where:
APP-NAME
is the name to give the pushed app on CF.YOUR-PRIVATE-REGISTRY.DOMAIN
is the path to the Docker registry.PORT
is the port where the registry serves traffic.REPO
is the name of the repository where the image is stored.IMAGE
is the name of the app image being pushed.(Optional, but recommended)
TAG
is the tag or version for the image.
For example, the following command pushes the v2
version of the your-image
image from the your-repo
repository of the internal-registry.example.com
registry on port 5000
:
Private Container Registry with Basic Authentication
Many Docker registries control access to Docker images by authenticating with a username and password.
To push an app as a Docker image from a registry that uses basic username and password authentication, run:
Where:
YOUR-PASSWORD
is the password to use for authentication with the Docker registry.- Setting
CF_DOCKER_PASSWORD
prepended to thecf push --docker-image
makes the value temporary, which is more secure than setting the environment variable indefinitely withexport
.
- Setting
APP-NAME
is the name to give the pushed app on CF.REPO
is the repository where the image is stored.- For Docker Hub, this is just the repository name.
- For a private registry, this includes the registry address and port, as described in Push a Docker Image from a Private Registry, in the format
YOUR-PRIVATE-REGISTRY.DOMAIN:PORT/REPO
.
IMAGE
is the name of the app image being pushed.(Optional, but recommended)
TAG
is the tag or version for the image.USER
is the username to use for authentication with the registry.
Amazon Elastic Container Registry (ECR)
CF supports pushing apps from images hosted on Amazon Web Services ECR, which authenticates with temporary password tokens.
To push an app as a Docker image from ECR, run:
Where:
AWS-SECRET-ACCESS-KEY
is the AWS Secret Access Key for the IAM user accessing the ECR registry.- Setting
CF_DOCKER_PASSWORD
prepended to thecf push --docker-image
makes the value temporary, which is more secure than setting the environment variable indefinitely withexport
.
- Setting
APP-NAME
is the name to give the pushed app on CF.REPO
is the ECR repository containing the image being pushed.IMAGE
is the name of the app image being pushed.(Optional, but recommended)
TAG
is the tag or version for the image.AWS-ACCESS-KEY-ID
is the AWS Access Key ID for the IAM user accessing the ECR registry.
Running cf push
with an ECR registry triggers CF to:
Use the AWS Secret Access Key and Access Key ID to retrieve the temporary ECR username and password.
Use the temporary tokens to retrieve the image.
Google Container Registry (GCR)
CF supports pushing apps from images hosted on Google Container Registry (GCR) service.This feature requires that you use JSON key-based authentication.For more information about JSON key authentication,see the Google Cloud documentation.
Step 1: Authenticate with GCR
To authenticate with GCR, you must create a JSON key file and associate it with your project.
To create a JSON key file and associate it with your project:
Create a GCP service account. To create a GCP service account,see the Google Cloud documentation.Run:
Where:
YOUR-ACCOUNT
is the name of your service account.YOUR-DISPLAY-NAME
is the display name of your service account.
Set your project ID by running:
Where
YOUR-PROJECT-ID
is your project ID.Create a JSON key file and associate it with the service account by running:
Where:
YOUR-ACCOUNT
is the name of your service account.YOUR-PROJECT-ID
is your project ID.
Add the IAM policy binding for your project and service account by running:
Where:
YOUR-PROJECT
is the name of your project.YOUR-ACCOUNT
is the name of your service account.YOUR-PROJECT-ID
is your project ID.
Step 2: Deploy the GCP Image
To deploy your GCR image using the cf CLI, run:
Where:
APP-NAME
is the name of the app being pushed.YOUR-REGISTRY-URL
is the URL of your registry.YOUR-PROJECT
is the name of your project.YOUR-IMAGE-NAME
is the name of your image.
Note: The key.json
file must point to the file you created in the previous step.
Note: For information about specifying YOUR-REGISTRY-URL
, see Pushing and Pulling Images in the Google Cloud documentation.
Docker Volume Support
You can use volume services with Docker apps. For more information about enabling volume support, see Using an External File System (Volume Services).
Create a pull request or raise an issue on the source for this page in GitHub