How do I use Spinup Container Repositories?

Owned by Camden Fisher (Unlicensed), created
Last updated: Jul 20, 2021
3 min read

The Spinup Container Repository service to allows you to deploy fully managed docker image repositories. Images can be pushed from your workstation or CI/CD pipeline and used by the Spinup Container Services or your own docker runtime. All images are stored encrypted and automatically scanned for security vulnerabilities using the Clair vulnerability scanner. You are charged only for the storage used.

Instructions

Prerequisites

  • An active Spinup login and a space with charging instructions

  • AWS CLI installed to get your docker login password from AWS (or the ECR Docker Credential Helper linked below)

  • Docker installed where you wish to build your docker image

Creating a new repository

  1. Login to Spinup and select the space where you would like to create your repository.

  2. Click the Create button.

  3. Scroll down to the Containers category and select “Container Repository”

  4. Enter a name for your repository (this will be validated automatically).

  5. Click the “Create Container Registry button”

Create a User and Login

  1. Navigate to your container repository in the Spinup portal

  2. Select the Users tab on the left

  3. Click the “+” to add a new user, set the name and click “Save”

  4. Click the “Create Key” button and open your terminal

  5. Authenticate your docker environment with the AWS registry using the given credentials and your Repository Uri at the top of the page

    export AWS_ACCESS_KEY_ID=keykeykey export AWS_SECRET_ACCESS_KEY=secretsecretsecret aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <<repositoryUri>>

You are actually logging into a shared docker registry (a collection of image repositories) with a user that only has access to your repository. Because of this, when you docker login for one Spinup container repository, you are actually replacing your locally cached login credentials for any previous Spinup container repository that you have logged into and you will need to re-login.

Your access key and secret do not expire, keep them safe. The authorization token/docker login is valid for 12 hours.

If you are managing a lot of repositories, instead of using environment variables, it might be simpler to create login profiles in your AWS CLI and reference those to login to the registry

aws --profile myapp ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <<repositoryUri>>

and/or use the Amazon ECR Credential Helper
https://github.com/awslabs/amazon-ecr-credential-helper

 Pushing an image tag into a repository

  1. Ensure your docker environment is logged into the image repository

  2. Ensure your image is tagged with your repository. For example, if you repository is 8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp

    docker tag myapp:v1.0.0 8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp:v1.0.0 or docker build . -t 8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp:v1.0.0

  3. Push the tagged image to your repository

    docker push 8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp:v1.0.0

  4. Review the security findings for the pushed image in the Spinup portal

Sharing a repository access with another space

By default, all container services within a space automatically have access to pull images from any container repository within the same space. Sometimes, you may want to leverage those same images from other spaces.

  1. Navigate to the container repository in the Spinup portal

  2. Select the Sharing tab on the left

  3. Click the “+” next to Add Space

  4. Select the space you would like to give access to images in this repository

  5. Click the Add button