Why would you ever need this setup?
Organizations that build their own custom Docker base images will most likely host them on a private Docker registry (on AWS, for example).
To run those Dockerfiles on your local machine, you first need to authenticate. An external authorization service, such as Artifactory (JFrog), may be used in combination with the Docker registry.
What is a Docker (private) registry?
A Docker registry is a storage and distribution system for named Docker images.
A private Docker registry allows you to share and use base images within your organization. It is a centralized source of truth for the building blocks of your architecture.
Getting Started
In this example, we will focus on Artifactory as the authorization service for our private images and plugins.
Downloading the custom base image:
You will need to log in to the Docker registry using your credentials.
For Artifactory:
- Log in to your company's Artifactory client.
- Click your name in the top-right corner.
- Select Set me up.
- Package Type: docker
- Select the relevant repository.
Now, you should see the command you need to run to authenticate and download private images.
It should be something like:
docker login {org-name}-{docker-repository-name}.jfrog.io
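Alternatively, you can manually add your credentials to the ~/.docker/config.json file as shown below. The auth value is only base64-encoded, not encrypted, so keep the file readable by your user only.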
{
  "auths": {
    "https://{org-name}-{docker-repository-name}.jfrog.io": {
      "auth": "{username}:{PASSWORD} (converted to base 64)",
      "email": "youremail@email.com"
    }
  }
}
Now that you can download custom private images, let's take a look at what our Dockerfile would look like and how we can install private libraries that are also hosted on Artifactory.
Setting up Dockerfile for private libraries:
We will focus on Artifactory as the authentication service for our private libraries, gems, etc.
Our Dockerfile should look something like this:
# Fetch base image
FROM {org-name}-{docker-repository-name}.jfrog.io/{path-to-docker-image}
LABEL maintainer="Tanmay Jain <tanmayj28@gmail.com>"
# Setup your work directory
ARG APP_HOME=/home/app/web
WORKDIR $APP_HOME
# Copy required files
COPY Gemfile.lock $APP_HOME
# Install the bundler version recorded on the last line of Gemfile.lock
RUN gem install bundler --force -N -v "$(tail -n 1 Gemfile.lock | tr -d '[:blank:]\n')" && bundle --version
COPY . $APP_HOME
RUN chown -R app:app $APP_HOME
# Setup ssh keys to allow installing gems from artifactory
# (these steps write under /root, so they run before switching to the app user)
# Note: ARG and ENV values are stored in the image metadata and build history
ARG SSH_KEY
ENV SSH_KEY=$SSH_KEY
# Create id_rsa from string arg, and set permissions
RUN echo "$SSH_KEY" > /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
# Create known_hosts
RUN touch /root/.ssh/known_hosts
# Run the remaining steps as the unprivileged app user
USER app
# bundle rubygems
ENV BUNDLE_DEPLOYMENT=true
ARG BUNDLE_JOBS=4
ARG BUNDLE_WITHOUT=development:test
RUN --mount=type=ssh,target=/home/app/.ssh/id_rsa,uid=9999,gid=9999 \
    --mount=type=secret,id=artifactory,uid=9999,gid=9999 \
    BUNDLE_{ORG-NAME}__JFROG__IO={JFROG_USERNAME}:{JFROG_API_KEY} bundle install
EXPOSE 3000
CMD ["bundle", "exec", "rails", "server"]
We would then build from our Dockerfile using the command:
docker build --build-arg SSH_KEY="$(cat ~/.ssh/id_rsa)" .
Let's take a look at what we did above:
- The following command fetches your private custom base image, which you now have access to.
FROM {org-name}-{docker-repository-name}.jfrog.io/{path-to-docker-image}
- The following command copies your Gemfile.lock, which is needed for bundling gems. You would need other files such as package.json, yarn.lock, Gemfile, etc. to be copied as well (as needed).
COPY Gemfile.lock $APP_HOME
- The following commands add your private ssh key, which has probably been granted access to download the private libraries.
ARG SSH_KEY
ENV SSH_KEY=$SSH_KEY
RUN echo "$SSH_KEY" > /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
- The following command installs the private gems / libraries using the ssh key we just copied.
RUN --mount=type=ssh,target=/home/app/.ssh/id_rsa,uid=9999,gid=9999 \
    --mount=type=secret,id=artifactory,uid=9999,gid=9999 \
    BUNDLE_{ORG-NAME}__JFROG__IO={JFROG_USERNAME}:{JFROG_API_KEY} bundle install
And that is how you set up your local machine so that Docker can pull images and libraries from your private stores.
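The Dockerfile above passes the private key with `--build-arg` and copies it into `ENV` and a file, so the key is stored in the image configuration, its layers and its `docker history` output. The variant below is an added example, not the author's Dockerfile: it hands the same credentials to `bundle install` through BuildKit `ssh` and `secret` mounts, which exist only for that one `RUN`. The secret file path in the build command and its one-line `username:api-key` format are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example: the page's build with credentials supplied through BuildKit
# mounts instead of ARG/ENV. Build it with an ssh-agent that holds your key:
#   docker build --ssh default \
#     --secret id=artifactory,src="$HOME/.artifactory-credentials" .
# The src path is an assumption; the file holds one line, username:api-key.

FROM {org-name}-{docker-repository-name}.jfrog.io/{path-to-docker-image}

ARG APP_HOME=/home/app/web
WORKDIR $APP_HOME

COPY Gemfile.lock $APP_HOME
RUN gem install bundler --force -N -v "$(tail -n 1 Gemfile.lock | tr -d '[:blank:]\n')" && bundle --version
COPY . $APP_HOME
RUN chown -R app:app $APP_HOME
USER app

# No ARG SSH_KEY, no ENV SSH_KEY, and no id_rsa written into a layer.
ENV BUNDLE_DEPLOYMENT=true
ARG BUNDLE_JOBS=4
ARG BUNDLE_WITHOUT=development:test

# type=ssh exposes the host's ssh-agent socket (SSH_AUTH_SOCK) to this RUN only;
# the private key itself never enters the build.
# type=secret exposes the file at /run/secrets/artifactory to this RUN only.
# uid/gid 9999 are the page's values, taken here to be the app user's ids.
RUN --mount=type=ssh,uid=9999,gid=9999 \
    --mount=type=secret,id=artifactory,uid=9999,gid=9999 \
    BUNDLE_{ORG-NAME}__JFROG__IO="$(cat /run/secrets/artifactory)" \
    bundle install

EXPOSE 3000
CMD ["bundle", "exec", "rails", "server"]
```

If any gems are fetched over SSH, the git host's key must also be present in the app user's known_hosts, because the build cannot answer a host-key prompt.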