Spinnaker is a great tool to orchestrate Continuous delivery (CD) for software. Triggering Spinnaker pipelines based on some events such as Git based events, Docker image push events, successful Jenkins Build, etc, is usually implemented in software delivery to enhance convenience and flexibility.
For e.g. To achieve GitOps, DevOps engineers configure Spinnaker pipeline to be triggered based on Git commit or merge request. You can find the blog here.
In this blog, I will discuss a bit of a different use case- how to trigger a Spinnaker pipeline if there are any new Docker image pushes (more precisely Image with new tags). You can find a simple depiction of the use-case below:
Let’s look at the procedure as how to setup Spinnaker pipeline to get triggered on pushing Docker image tags
- Working Spinnaker instance, and
- A Valid Docker registry in which you can push images to or pull images from
Assuming that you have a private or public Docker registry, if you look at a tag of an image, you will notice the Docker pull command is available for your image. Let’s just consider the sample image is: opsmx.jfrog.io/default-docker-local/sagayd/demo-app:v1. In this case, the docker pull command would have been,
docker pull opsmx.jfrog.io/default-docker-local/sagayd/demo-app:v1
Setting up a Docker Registry in Spinnaker Halyard
- Get into the Halyard Pod of Spinnaker.
- Add a Docker Registry as below.
- You may setup the Registry Address and Repositories as environment variables.
- The commands to setup Docker Account in Halyard for the sample Docker image is,
#Address value should be just DNS hostname, do not include any sub-path or URI after the hostname ADDRESS=opsmx.jfrog.io REPOSITORIES=default-docker-local/sagayd/demo-app #Multiple repo are separated with space. Pub repo is prefixed with library/ (e.g. library/ngnix) and private repositories are prefixed with username/ (e.g. sagayd/demoapp) hal config provider docker-registry account add \ jfrog-opsmxdemo-dcr \ --address $ADDRESS \ --repositories $REPOSITORIES \ #--insecure-registry=true --track-digests=true --username $USERNAME \ --password #You will be prompted for your password on STDIN
Note: The parameter –track-digests=true is an important one to include so pipeline can be triggered automatically even if the tag exist already but the content is changed with digest (hash value)
hal deploy apply
Configuring Pipeline to execute automatically on Docker Image Push
- Go to Spinnaker UI, Select your pipeline, and go to its Configuration settings. In the ‘Configure’ stage, select the Docker Registry (Account) name (This was added in the previous Halyard step), Image name. Under the ‘Tag’ field, you can write regular expressions to match only selective tags as input criteria to trigger pipeline execution.
- Make ‘Trigger Enabled’ is selected. See sample screenshot below
Testing automated Pipeline run on a new Image tag push
1. You can command something similar to the below one
docker tag sagayd/demo-app:v1 opsmx.jfrog.io/default-docker-local/sagayd/demo-app:v1 docker push opsmx.jfrog.io/default-docker-local/sagayd/demo-app:v1
2. Wait for a few minutes after the above commands to check if the Pipeline is triggered automatically. For me, I got the pipeline executed as in the below screenshot
Troubleshooting of Docker account configuration in Halyard
You may see some errors during the Configuration or Execution. See our experience below
Problem: On adding Docker registry account, you may get an error message like the below
default.provider.dockerRegistry.jfrog-opsmxdemo-dcr: ! ERROR Unable to fetch tags from the docker repository: sagayd/demo-app, 404 Not Found ? Can the provided user access this repository?
Cause: The above error could be caused by one of two reasons:
1. Incorrect ADDRESS and REPOSITORIES,
2. Incorrect credentials.
Solution 1: Incorrect ADDRESS and REPOSITORIES
You could have input the ADDRESS with HostName plus some sub-path (e.g. opsmx.jfrog.io/default-docker-local). This is not recognized by the Halyard as the AddRESS value is used internally to fetch Image catalog and other information. So the address should be just HostName and no sub-paths.
Solution 2: Incorrect Credential
Make sure you are able to login to your Docker registry manually and do docker push via command line. If your Cred is working, make sure to pass the same cred when add the Docker registry account in Halyard.
In case you have docker registries like Docker HUB, AWS ECR, or private Docker registry, you can use the aforementioned configuration to deploy artifacts into the Kubernetes environment automatically using Spinnaker pipelines.
If you are using Spinnaker and want to enhance visibility, configuration and security, then try the free Spinnaker add-on today.