feat(compose): Work with a registry

2023-10-13 02:06:56 +02:00
parent d98de5aff0
commit e5e78a0527
12 changed files with 57 additions and 16 deletions
--- a/docker-compose/examples/grafana/README.md
+++ b/docker-compose/examples/grafana/README.md
@@ -39,7 +39,7 @@ docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --en

 ## Copy to target

-Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow:
+Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub or your private registry of choice. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow:

 ```
 source "${COMPOSE_ENV}"
--- a/docker-compose/examples/grafana/compose.override.yaml
+++ b/docker-compose/examples/grafana/compose.override.yaml
@@ -1,5 +1,6 @@
 services:
    grafana-build:
+        # FIXME image name with or without slash? Docker Hub or private registry? With or without *_BUILD_DATE? FIXME
        image: "grafana:${GRAFANA_VERSION}"
        profiles: ["build", "build-grafana"]
        build:
@@ -9,6 +10,7 @@ services:
                EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}"
                GRAFANA_VERSION: "${GRAFANA_VERSION}"
    nginx-build:
+        # FIXME image name with or without slash? Docker Hub or private registry? With or without *_BUILD_DATE? FIXME
        image: "nginx:${NGINX_VERSION}"
        profiles: ["build", "build-nginx"]
        build:
--- a/docker-compose/examples/grafana/compose.yaml
+++ b/docker-compose/examples/grafana/compose.yaml
@@ -1,6 +1,6 @@
 services:
    grafana:
-        # FIXME Docker Hub image name with or without slash? FIXME
+        # FIXME image name with or without slash? Docker Hub or private registry? With or without *_BUILD_DATE? FIXME
        image: "grafana:${GRAFANA_VERSION}"
        container_name: "grafana-grafana-${CONTEXT}"
        networks:
@@ -29,7 +29,7 @@ services:
            # GRAFANA_USER: ${GRAFANA_USER}
            # GRAFANA_PASSWORD: ${GRAFANA_PASSWORD}
    nginx:
-        # FIXME Docker Hub image name with or without slash? FIXME
+        # FIXME image name with or without slash? Docker Hub or private registry? With or without *_BUILD_DATE? FIXME
        image: "nginx:${NGINX_VERSION}"
        container_name: "grafana-nginx-${CONTEXT}"
        networks:
--- a/docker-compose/examples/grafana/env/fqdn_context.env.example
+++ b/docker-compose/examples/grafana/env/fqdn_context.env.example
@@ -7,6 +7,7 @@ CONTEXT=ux_vilnius
 # GRAFANA_VERSION=x.y.z
 # NGINX_VERSION=x.y.z
 # GRAFANA_VIP=10.1.1.2
+# GRAFANA_BUILD_DATE=20230731



--- a/docker-compose/examples/hashicorpvault/README.md
+++ b/docker-compose/examples/hashicorpvault/README.md
@@ -32,15 +32,28 @@ docker context create fully.qualified.domain.name --docker 'host=ssh://root@full

 ## Build

+> Skip to [Pull](#pull) if you already have images in your private registry ready to use. Otherwise read on to build them now.
+
 FIXME We build the `vault` image locally. Our adjustment to the official image is simply adding `/tmp/vault` to it. See [build-context/Dockerfile](build-context/Dockerfile). We use `/tmp/vault` to bind-mount a dedicated ZFS dataset for the application's `tmpdir` location.

 ```
 docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build-vault' build
 ```

+## Push
+
+Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo.
+
+```
+source "${COMPOSE_ENV}"
+docker push "registry.example.com/project/vault:${VAULT_BUILD_DATE}-${VAULT_VERSION}"
+```
+
 ## Pull

-FIXME Rewrite either [Build](#build) or this paragraph for which images are built and which ones pulled, `--profile 'full'` may not make sense FIXME Pull images from Docker Hub verbatim.
+> Skip this step if you just built images that still exist locally on your build host.
+
+FIXME Rewrite either [Build](#build) or this paragraph for which images are built and which ones pulled, `--profile 'full'` may not make sense.

 ```
 docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV}" --profile 'full' pull
@@ -48,7 +61,7 @@ docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --en

 ## Copy to target

-Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow:
+Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub or your private registry of choice. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow:

 ```
 source "${COMPOSE_ENV}"
--- a/docker-compose/examples/hashicorpvault/compose.override.yaml
+++ b/docker-compose/examples/hashicorpvault/compose.override.yaml
@@ -1,6 +1,7 @@
 services:
    vault-build:
-        image: "vault:${VAULT_VERSION}"
+        # FIXME image name with or without slash? Docker Hub or private registry? With or without *_BUILD_DATE? FIXME
+        image: "registry.example.com/project/vault:${VAULT_BUILD_DATE}-${VAULT_VERSION}"
        profiles: ["build"]
        build:
            context: "build-context/vault"
--- a/docker-compose/examples/hashicorpvault/compose.yaml
+++ b/docker-compose/examples/hashicorpvault/compose.yaml
@@ -1,7 +1,7 @@
 services:
    vault:
-        # FIXME Docker Hub image name with or without slash? FIXME
-        image: "vault:${VAULT_VERSION}"
+        # FIXME image name with or without slash? Docker Hub or private registry? With or without *_BUILD_DATE? FIXME
+        image: "registry.example.com/project/vault:${VAULT_BUILD_DATE}-${VAULT_VERSION}"
        container_name: "vault-${CONTEXT}"
        networks:
            vault-default:
--- a/docker-compose/examples/hashicorpvault/env/fqdn_context.env.example
+++ b/docker-compose/examples/hashicorpvault/env/fqdn_context.env.example
@@ -6,6 +6,7 @@ CONTEXT=ux_vilnius
 # ---
 # VAULT_VERSION=x.y.z
 # VAULT_VIP=10.1.1.2
+# VAULT_BUILD_DATE=20230731