GuidesDiscussionsAPI Reference

Docker Image Deployment

Suggest Edits

Instructions below describe how you can deploy a Docker image-based application.

Creating a Sample Application using Docker image

📘

Environment

You can deploy application to a target namespace in a cluster, optionally monitoring set of policies (framework). To do this you should create environment, for details see: Managing Environments

As part of this example, we create an application called bulletinboard:

lapps app deploy bulletinboard -t shipa-admin-team --environment [NAME] -i docker.io/shipasoftware/bulletinboard:1.0

Once the command above has been executed, all available applications using the app list command are listed.

lapps app list
+---------------+---------------------------+--------------------------------------+
| Application   |Status     |  Managed      | Address                              |
+---------------+---------------------------+--------------------------------------+
| bulletinboard | 1 running |     true      | bulletinboard.192.168.0.4.shipa.cloud|
+---------------+---------------------------+--------------------------------------+

You can deploy an existing Docker image using the dashboard or the CLI as shown below:

The application is available through the Address provided in the output of the _app list _command once the deployment is complete.

Private Registry

For private registries, in the UI, you can specify a registry username and registry token/password in the Application Deployment prompts.

If leveraging the CLI, you can pass the --private-image flag and the CLI will interactively prompt you for the credentials or you can export the following into environment variables. 

export LAPPS_REGISTRY_USERNAME="arn:aws:iam::123456789:user/bacon"
export LAPPS_REGISTRY_PASSWORD="abcdefg#/abcdefg#/"
lapps app deploy -i *.dkr.ecr.us-east-1.amazonaws.com/boardandco/bulletinboard:1.0 -a bulletinboard --private-image

Alternatively, you can set up Docker credentials for a set of frameworks. This allows application deployment from private registries without providing credentials.

lapps credential add dockercreds --provider docker --framework framework1 --path ~/.docker/config.json

Once configured, deploy images from your private Docker repositories whose secrets are defined in Docker config.json. Here is a sample Docker config.json for docker.io, Google container registry (GCR), GitHub container registry (GHCR), and Amazon container registry (ECR):

{
	"auths": {
		"AWS_ACCOUNT_ID.dkr.ecr.AWS_REGION.amazonaws.com": {
			"auth": "base64-secret"
		},
		"gcr.io": {
			"auth": "base64-secret"
		},
		"ghcr.io": {
			"auth": "base64-secret"
		},
		"https://index.docker.io/v1/": {
			"auth": "token"
		},
		"vivek7.jfrog.io": {}
	},
	"credHelpers": {
		"asia.gcr.io": "gcloud",
		"eu.gcr.io": "gcloud",
		"gcr.io": "gcloud",
		"marketplace.gcr.io": "gcloud",
		"staging-k8s.gcr.io": "gcloud",
		"us.gcr.io": "gcloud"
	},
	"experimental": "disabled",
	"stackOrchestrator": "swarm",
	"currentContext": "desktop-linux"
}

Google Cloud Artifact Registry

If you are using Artifact Registry as your Private Container Registry of choice as well as a Service Account created via IAM with the roles/artifactregistry.reader Role, here is how you can connect your Application via the following:

Artifact Registry Authentication

gcloud auth print-access-token \
    --impersonate-service-account ACCOUNT | docker login \
    -u oauth2accesstoken \
    --password-stdin https://LOCATION-docker.pkg.dev

Via the Lens AppIQ UI, you can pass in the following fields:

Image URL: <artifact-registry-region>-docker-docker.pkg.dev/<repository>/<image>:<image_tag>
Registry Username: oauth2accesstoken
Registry Secret: $(gcloud auth print-access-token --impersonate-service-account *.iam.gserviceaccount.com)

Updated 3 months ago