Use ECR (AWS container registry) as S2I registry - unix1998/technical_notes GitHub Wiki
We can configure OpenShift to use an external container registry, such as AWS ECR (Elastic Container Registry), as the destination for images built using Source-to-Image (S2I). This involves modifying the build configuration to push images to your specified registry instead of the default integrated OpenShift registry. Here's a general outline of how to achieve this:
- Create and Configure AWS ECR Repository:
  - Create a repository in AWS ECR where you want to store your images.
- Configure Authentication with AWS ECR:
  - OpenShift needs credentials to push images to AWS ECR. You can use a Kubernetes Secret to store these credentials.
  - First, retrieve the login password for your AWS ECR registry and log in with Docker:
    ```bash
    aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
    ```
  - Create a Kubernetes Secret in OpenShift with these credentials:
    ```bash
    oc create secret docker-registry ecr-secret \
      --docker-server=<aws_account_id>.dkr.ecr.<region>.amazonaws.com \
      --docker-username=AWS \
      --docker-password="$(aws ecr get-login-password --region <your-region>)" \
      --docker-email=<your-email>
    ```
  - The password returned by `aws ecr get-login-password` is a temporary token that expires after 12 hours, so the secret has to be recreated periodically.
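- Link the Secret to the Default Service Account:
  - This ensures that the build pods can use the credentials to push images. Build pods run under the `builder` service account, so the secret is linked there for pushing; `oc secrets link --for` accepts only `pull` and `mount`, so the link to `default` is a pull link for the application pods.
    ```bash
    # Build pods (builder service account) mount the secret and use it to push
    oc secrets link builder ecr-secret
    # Application pods (default service account) use it to pull
    oc secrets link default ecr-secret --for=pull
    ```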
- Modify the Build Configuration:
  - Update your BuildConfig to push the built images to AWS ECR instead of the default OpenShift registry.
  - You can do this by modifying the `output` section of your BuildConfig to specify the external registry.
    ```yaml
    apiVersion: build.openshift.io/v1
    kind: BuildConfig
    metadata:
      name: my-java-app
    spec:
      source:
        type: Git
        git:
          uri: "https://github.com/your-repo/your-java-app.git"
      strategy:
        type: Source
        sourceStrategy:
          from:
            kind: ImageStreamTag
            name: 'java:latest'
      output:
        to:
          kind: DockerImage
          name: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/your-ecr-repo:latest
    ```
- Deploy the Application:
  - Once the BuildConfig is set up, you can trigger a build, and it will push the image to AWS ECR.
    ```bash
    oc start-build my-java-app
    ```
- Create a Deployment Config or Deployment:
  - Ensure your deployment configuration pulls the image from AWS ECR. This typically involves updating the image reference in your Deployment or DeploymentConfig to point to the ECR image URL.
    ```yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: my-java-app
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: my-java-app
      template:
        metadata:
          labels:
            app: my-java-app
        spec:
          containers:
            - name: my-java-app
              image: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/your-ecr-repo:latest
              ports:
                - containerPort: 8080
    ```
By following these steps, you can configure OpenShift to use AWS ECR as the container registry for your S2I builds. This involves setting up AWS ECR, creating a Docker registry secret in OpenShift, linking that secret to your build service account, and modifying your BuildConfig and Deployment to push and pull images from AWS ECR. This way, OpenShift can handle builds and deployments with your specified external container registry.
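
The registry secret from the authentication step holds an ECR token, and ECR tokens expire after 12 hours, so builds and pulls start failing unless the secret is refreshed. The script below is an added example, not part of the original page: it regenerates `ecr-secret` and applies it over stdin so the token never appears in a process argument list. The function names are hypothetical and the account id and region are supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): refresh the ECR registry secret.
# Run it on a schedule shorter than the 12-hour lifetime of an ECR token.
set -eu

# GNU base64 wraps long output such as real ECR tokens; strip the newlines.
b64() { base64 | tr -d '\n'; }

# Accept only a private ECR hostname: 12-digit account id, then region.
is_ecr_registry() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$'
}

# Docker config JSON for one registry; the ECR user name is always "AWS".
ecr_dockerconfigjson() {
  local server="$1" token="$2" auth
  auth=$(printf 'AWS:%s' "$token" | b64)
  printf '{"auths":{"%s":{"auth":"%s"}}}' "$server" "$auth"
}

# Secret manifest of the type that `oc create secret docker-registry` produces.
ecr_secret_manifest() {
  local name="$1" server="$2" token="$3"
  is_ecr_registry "$server" || { echo "not an ECR registry: $server" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(ecr_dockerconfigjson "$server" "$token" | b64)
EOF
}

# Fetch a fresh token and apply the manifest over stdin. Needs the aws and oc
# CLIs, already logged in. The secret name defaults to the page's ecr-secret.
refresh_ecr_secret() {
  local account="$1" region="$2" name="${3:-ecr-secret}" token
  token=$(aws ecr get-login-password --region "$region")
  ecr_secret_manifest "$name" "${account}.dkr.ecr.${region}.amazonaws.com" "$token" |
    oc apply -f -
}

# Touch the cluster only when called as: ./refresh-ecr.sh <account_id> <region>
if [ "$#" -ge 2 ]; then refresh_ecr_secret "$@"; fi
```

Because service accounts reference the secret by name, the links created earlier keep working after each refresh.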