def get_registry_info(rid):
creds = aws.ecr.get_credentials(registry_id=rid)
decoded = base64.b64decode(creds.authorization_token).decode()
parts = decoded.split(':')
if len(parts) != 2:
raise Exception("Invalid credentials")
return docker.ImageRegistry(creds.proxy_endpoint, parts[0], parts[1])
def getRegistryInfo(info):
# We are given a Docker creds file; parse it to find the temp username/password.
auth_json = info[0]
auths = json.loads(auth_json)
server_url = info[1]
auth_token = auths['auths'][server_url]['auth']
decoded = base64.b64decode(auth_token).decode()
parts = decoded.split(':')
if len(parts) != 2:
raise Exception('Invalid credentials')
return docker.ImageRegistry(server_url, parts[0], parts[1])
def get_registry_info(creds):
decoded = base64.b64decode(creds.authorization_token).decode()
parts = decoded.split(':')
if len(parts) != 2:
raise Exception("Invalid credentials")
username = parts[0]
password = parts[1]
return docker.ImageRegistry(
server=creds.proxy_endpoint,
username=username,
password=password)
sku=containerregistry.SkuArgs(name="Basic"),
admin_user_enabled=True)
credentials = pulumi.Output.all(resource_group.name, registry.name).apply(
lambda args: containerregistry.list_registry_credentials(resource_group_name=args[0],
registry_name=args[1]))
admin_username = credentials.username
admin_password = credentials.passwords[0]["value"]
custom_image = "node-app"
my_image = docker.Image(custom_image,
image_name=registry.login_server.apply(
lambda login_server: f"{login_server}/{custom_image}:v1.0.0"),
build=docker.DockerBuild(context=f"./{custom_image}"),
registry=docker.ImageRegistry(
server=registry.login_server,
username=admin_username,
password=admin_password))
container_app = web.ContainerApp("app",
resource_group_name=resource_group.name,
kube_environment_id=kube_env.id,
configuration=web.ConfigurationArgs(
ingress=web.IngressArgs(
external=True,
target_port=80
),
registries=[
web.RegistryCredentialsArgs(
server=registry.login_server,
username=admin_username,
password_secret_ref="pwd")
value=random.RandomPassword(
'mypass',
length=32,
opts=pulumi.ResourceOptions(
additional_secret_outputs=['result'])).result,
end_date_relative='8760h',
)
sp_auth = azure.authorization.Assignment(
'myauth',
scope=registry.id,
role_definition_name='acrpush',
principal_id=sp.id,
)
registry_info = docker.ImageRegistry(
server=registry.login_server,
username=sp.application_id,
password=sp_auth.id.apply(lambda _: sp_password.value),
)
else:
registry_info = docker.ImageRegistry(server=registry.login_server,
username=registry.admin_username,
password=registry.admin_password)
# Build and publish the image.
image = docker.Image(
'my-image',
build='app',
image_name=image_name,
registry=registry_info,
)
import pulumi_docker as docker
from pulumi_kubernetes.apps.v1 import Deployment
from pulumi_kubernetes.core.v1 import Secret, Service
# Fetch the Docker Hub auth info from config.
config = pulumi.Config()
username = config.require('dockerUsername')
password = config.require_secret('dockerPassword')
# Build and publish the image.
image = docker.Image('my-image',
build='app',
image_name=f'{username}/myapp',
registry=password.apply(lambda pwd: docker.ImageRegistry(
server='docker.io',
username=username,
password=pwd,
)),
)
# Ensure we can pull from the Docker Hub.
pull_secret = Secret('my-regcred',
type='kubernetes.io/dockerconfigjson',
string_data={
'.dockerconfigjson': password.apply(lambda pwd: json.dumps({
'auths': {
'https://index.docker.io/v1/': {
'username': username,
'password': pwd,
'auth': str(base64.b64encode(f'{username}:{pwd}'.encode('utf-8')), 'utf-8'),
},
def create_image_registry(rid):
creds = ecr.get_credentials(rid)
decoded = base64.b64decode(creds.authorization_token).decode('utf-8')
username, password = decoded.split(':')
return docker.ImageRegistry(creds.proxy_endpoint, username, password)
import pulumi
import pulumi_aws as aws
import pulumi_docker as docker
bucket = aws.s3.Bucket("bucket")
repo = aws.ecr.Repository("sampleapp")
ecr_creds = aws.ecr.get_authorization_token()
image = docker.Image("sampleapp",
build="./build-ffmpeg",
image_name=repo.repository_url,
registry=docker.ImageRegistry(
server=repo.repository_url,
username=ecr_creds.user_name,
password=ecr_creds.password))
role = aws.iam.Role("thumbnailerRole",
assume_role_policy=f"""{{
"Version": "2012-10-17",
"Statement": [
{{
"Effect": "Allow",
"Principal": {{ "Service": "lambda.amazonaws.com" }},
"Action": "sts:AssumeRole"
}}
]
}}""")
aws.iam.RolePolicyAttachment(
"lambdaFullAccess",
"""An Azure Python Pulumi program"""
import pulumi
from pulumi_azure import core, containerservice
import pulumi_docker
# Create an Azure Resource Group
resource_group = core.ResourceGroup('miw_20200729')
# Create registry
registry = containerservice.Registry('registry',
admin_enabled=True,
sku='Basic',
resource_group_name=resource_group.name)
# ImageRegistry
r = pulumi.Output.all(
registry.login_server, registry.admin_username,
registry.admin_password).apply(
lambda a: pulumi_docker.ImageRegistry(a[0], a[1], a[2]))
# Build and publish image
image = pulumi_docker.Image(
"my-app",
image_name=registry.login_server.apply(lambda s: f'{s}/my-app:v1.0.0'),
build=pulumi_docker.DockerBuild(context='./my-app'),
registry=r)
def get_registry_info(token):
return docker.ImageRegistry(
server='docker.io',
username=username,
password=token,
)
