How do I use Spinup Container Repositories?
The Spinup Container Repository service allows you to deploy fully managed docker image repositories. Images can be pushed from your workstation or CI/CD pipeline and used by the Spinup Container Services or your own docker runtime. All images are stored encrypted and automatically scanned for security vulnerabilities using the Clair vulnerability scanner. You are charged only for the storage used.
Instructions
Prerequisites
An active Spinup login and a space with charging instructions
AWS CLI installed to get your docker login password from AWS (or the ECR Docker Credential Helper linked below)
Docker installed where you wish to build your docker image
Creating a new repository
Log in to Spinup and select the space where you would like to create your repository.
Click the Create button.
Scroll down to the Containers category and select “Container Repository”
Enter a name for your repository (this will be validated automatically).
Click the “Create Container Registry” button
Create a User and Login
Navigate to your container repository in the Spinup portal
Select the Users tab on the left
Click the “+” to add a new user, set the name and click “Save”
Click the “Create Key” button and open your terminal
Authenticate your docker environment with the AWS registry using the given credentials and your Repository Uri at the top of the page:
export AWS_ACCESS_KEY_ID=keykeykey
export AWS_SECRET_ACCESS_KEY=secretsecretsecret
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <<repositoryUri>>
You are actually logging into a shared docker registry (a collection of image repositories) with a user that only has access to your repository. Because of this, when you docker login for one Spinup container repository, you are actually replacing your locally cached login credentials for any previous Spinup container repository that you have logged into, and you will need to re-login.
Your access key and secret do not expire, so keep them safe. The authorization token/docker login is valid for 12 hours.
If you are managing a lot of repositories, instead of using environment variables, it might be simpler to create login profiles in your AWS CLI and reference those to log in to the registry:
aws --profile myapp ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <<repositoryUri>>
and/or use the Amazon ECR Credential Helper
GitHub - awslabs/amazon-ecr-credential-helper: Automatically gets credentials for Amazon ECR on docker push/docker pull
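The following helper is an added example, not part of Spinup or its documentation. It shows why a login for one repository replaces the login for another (docker caches credentials per registry host, and Spinup repositories share one host) and wraps the profile-based login so the long-lived key never enters the environment or shell history. The function names, the profile name and the second sample URI are hypothetical.

```shell
#!/bin/sh
# Added example: function names and profile names are hypothetical.

# Registry host = everything before the first "/" of the repository URI.
registry_host() {
    printf '%s\n' "${1%%/*}"
}

# An ECR registry host has the form <account>.dkr.ecr.<region>.amazonaws.com;
# print the region, or fail if the URI does not have that shape.
ecr_region() {
    registry_host "$1" |
        awk -F. '$2 == "dkr" && $3 == "ecr" && NF >= 6 { print $4; ok = 1 }
                 END { exit !ok }'
}

# Two repositories share one cached docker login when their hosts match,
# so logging in to either one replaces the credentials of the other.
shares_login_slot() {
    [ "$(registry_host "$1")" = "$(registry_host "$2")" ]
}

# Usage: spinup_login <aws-cli-profile> <repositoryUri>
# The region is derived from the URI instead of being hard-coded.
spinup_login() {
    profile=$1 uri=$2
    region=$(ecr_region "$uri") || {
        echo "not an ECR repository URI: $uri" >&2
        return 1
    }
    aws --profile "$profile" ecr get-login-password --region "$region" |
        docker login --username AWS --password-stdin "$(registry_host "$uri")"
}

# Usage: spinup_push <aws-cli-profile> <repositoryUri:tag>
# Logs in again right before the push, because a login for any other
# Spinup repository will have replaced the cached credentials.
spinup_push() {
    spinup_login "$1" "$2" && docker push "$2"
}

# Constructed sample: the page's example URI and a made-up second repository.
REPO_A=8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp
REPO_B=8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00445566/spinup-00445566-other
if shares_login_slot "$REPO_A" "$REPO_B"; then
    echo "same registry host: re-login before switching repositories"
fi
```

With one AWS CLI profile per repository user, `spinup_push myapp <repositoryUri>:v1.0.0` always pushes with the credentials that belong to that repository.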
Pushing an image tag into a repository
Ensure your docker environment is logged into the image repository
Ensure your image is tagged with your repository. For example, if your repository is 8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp:
docker tag myapp:v1.0.0 8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp:v1.0.0
or
docker build . -t 8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp:v1.0.0
Push the tagged image to your repository
docker push 8765432101.dkr.ecr.us-east-1.amazonaws.com/spinup-00112233/spinup-00112233-myapp:v1.0.0
Review the security findings for the pushed image in the Spinup portal
Sharing repository access with another space
By default, all container services within a space automatically have access to pull images from any container repository within the same space. Sometimes, you may want to leverage those same images from other spaces.
Navigate to the container repository in the Spinup portal
Select the Sharing tab on the left
Click the “+” next to Add Space
Select the space you would like to give access to images in this repository
Click the Add button