Creating private Docker repositories with Terraform
by Pierre Pomes, Stephane Jourdan
Infrastructure as Code (IAC) Cookbook
- Infrastructure as Code (IAC) Cookbook
- Table of Contents
- Infrastructure as Code (IAC) Cookbook
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Preface
- 1. Vagrant Development Environments
- Introduction
- Adding an Ubuntu Xenial (16.04 LTS) Vagrant box
- Using a disposable Ubuntu Xenial (16.04) in seconds
- Enabling VirtualBox Guest Additions in Vagrant
- Using a disposable CentOS 7.x with VMware in seconds
- Extending the VMware VM capabilities
- Enabling multiprovider Vagrant environments
- Customizing a Vagrant VM
- Using Docker with Vagrant
- Using Docker in Vagrant for a Ghost blog behind NGINX
- Using Vagrant remotely with AWS EC2 and Docker
- Simulating dynamic multiple host networking
- Simulating a networked three-tier architecture app with Vagrant
- Showing your work on the LAN while working with Laravel
- Sharing access to your Vagrant environment with the world
- Simulating Chef upgrades using Vagrant
- Using Ansible with Vagrant to create a Docker host
- Using Docker containers on CoreOS with Vagrant
- 2. Provisioning IaaS with Terraform
- Introduction
- Configuring the Terraform AWS provider
- Creating and using an SSH key pair to use on AWS
- Using AWS security groups with Terraform
- Creating an Ubuntu EC2 instance with Terraform
- Generating meaningful outputs with Terraform
- Using contextual defaults with Terraform
- Managing S3 storage with Terraform
- Creating private Docker repositories with Terraform
- Creating a PostgreSQL RDS database with Terraform
- Enabling CloudWatch Logs for Docker with Terraform
- Managing IAM users with Terraform
- 3. Going Further with Terraform
- Introduction
- Handling different environments with Terraform
- Provisioning a CentOS 7 EC2 instance with Chef using Terraform
- Using data sources, templates, and local execution
- Executing remote commands at bootstrap using Terraform
- Using Docker with Terraform
- Simulating infrastructure changes using Terraform
- Teamwork – sharing Terraform infrastructure state
- Maintaining a clean and standardized Terraform code
- One Makefile to rule them all
- Team workflow example
- Managing GitHub with Terraform
- External monitoring integration with StatusCake
- 4. Automating Complete Infrastructures with Terraform
- Introduction
- Provisioning a complete CoreOS infrastructure on Digital Ocean with Terraform
- Provisioning a three-tier infrastructure on Google Compute Engine
- Provisioning a GitLab CE + CI runners on OpenStack
- Managing Heroku apps and add-ons using Terraform
- Creating a scalable Docker Swarm cluster on bare metal with Packet
- 5. Provisioning the Last Mile with Cloud-Init
- Introduction
- Using cloud-init on AWS, Digital Ocean, or OpenStack
- Handling files using cloud-init
- Configuring the server's time zone using cloud-init
- Managing users, keys, and credentials using cloud-init
- Managing repositories and packages using cloud-init
- Running commands during boot using cloud-init
- Configuring CoreOS using cloud-init
- Deploying Chef Client from start to finish using cloud-init
- Deploying a remote Docker server using cloud-init
- 6. Fundamentals of Managing Servers with Chef and Puppet
- Introduction
- Getting started (notions and tools)
- Installing the Chef Development kit and Puppet Collections
- Creating a free hosted server Chef account and a Puppet server
- Automatically bootstrapping a Chef client and a Puppet agent
- Installing packages
- Managing services
- Managing files, directories, and templates
- Handling dependencies
- More dynamic code using notifications
- Centrally sharing data using a Chef data bag and Hiera with Puppet
- Creating functional roles
- Managing external Chef cookbooks and Puppet modules
- 7. Testing and Writing Better Infrastructure Code with Chef and Puppet
- Introduction
- Linting Chef code with Foodcritic and Puppet code with puppet-lint
- Unit testing with ChefSpec and rspec-puppet
- Getting ready
- How to do it…
- The Spec Helper
- Testing a successful Chef run context
- Testing a package installation
- Testing services status
- Testing another recipe from the same cookbook
- Testing directory creation
- Testing file creation
- Testing templates creation
- Stubbing data bags for searches
- Testing recipes inclusion
- Intercepting errors in tests
- There's more…
- See also
- Testing infrastructure with Test Kitchen for Chef and Beaker for Puppet
- Integration testing with ServerSpec
- 8. Maintaining Systems Using Chef and Puppet
- Introduction
- Maintaining consistent systems using scheduled convergence
- Creating environments
- Using Chef encrypted data bags and Hiera-eyaml with Puppet
- Using Chef Vault encryption
- Accessing and manipulating system information with Ohai
- Automating application deployment (a WordPress example)
- Using a TDD workflow
- Planning for the worse – train to rebuild working systems
- 9. Working with Docker
- Introduction
- Docker usage overview
- Choosing the right Docker base image
- Getting ready
- How to do it…
- Starting from an Ubuntu image
- Starting from a CentOS image
- Starting from a Red Hat Enterprise Linux (RHEL) image
- Starting from a Fedora image
- Starting from an Alpine Linux image
- Starting from a Debian image
- Linux distributions container image size table
- Starting from a Node JS image
- Starting from a Golang image
- Starting from a Ruby image
- Starting from a Python image
- Starting from a Java image
- Starting from a PHP image
- See also
- Optimizing the Docker image size
- Versioning Docker images with tags
- Deploying a Ruby-on-Rails web application in Docker
- Building and using Golang applications with Docker
- Networking with Docker
- Creating more dynamic containers
- Auto-configuring dynamic containers
- Better security with unprivileged users
- Orchestrating with Docker Compose
- Linting a Dockerfile
- Deploying a private Docker registry with S3 storage
- 10. Maintaining Docker Containers
- Introduction
- Testing Docker containers with BATS
- Test-Driven Development (TDD) with Docker and ServerSpec
- The workflow for creating automated Docker builds from Git
- The workflow for connecting the Continuous Integration (CI) system
- Scanning for vulnerabilities with Quay.io and Docker Cloud
- Sending Docker logs to AWS CloudWatch logs
- Monitoring and getting information out of Docker
- Debugging containers using sysdig
- Index
To host your Docker images, you need what's called a registry. This registry is either run by you or as a service. It stores your images for you and sometimes builds them too. The Docker Hub and Quay.io from CoreOS are the main Docker-managed registries you can subscribe to. Both are interesting in terms of features or pricing. However, an interesting alternative is AWS Elastic Container Registry (ECR): pricing is different and fully integrated in the AWS ecosystem. Let's create countless repositories simply with Terraform!
To step through this recipe, you will need the following:
- A working Terraform installation
- An AWS provider configured in Terraform (refer to the previous recipes)
- A configured AWS CLI (http://docs.aws.amazon.com/cli/latest/userguide/installing.html)
- An Internet connection
Let's say you want to store your application container in a repository named myapp, so you can deploy it easily. It's very simple with Terraform. Add the following code to a file named ecr.tf:
resource "aws_ecr_repository" "myapp" {
name = "myapp"
}If you want to know the URL to access your new repository, you can create an output using the corresponding exported attribute:
output "ECR" {
value = "${aws_ecr_repository.myapp.repository_url}"
}If you're used to the other Docker registries, the first step is to authenticate so you create private repositories. Here, no login or password are provided by AWS. We need to use the official AWS command line to authenticate, and that will give us temporary Docker credentials. The output of this command is the Docker command to type:
$ aws ecr get-login --region eu-west-1 docker login -u AWS -p AQECAHh... -e none https://<account_number>.dkr.ecr.eu-west-1.amazonaws.com
Now we can docker build, tag, and push images at will! (See more about using Docker images in the dedicated chapter of this book.)
A nice advanced feature is the ability to use fine-grained policies for each repository created.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.