Hi, I see that the `@pulumi/docker` package can be...
# general
a
Hi, I see that the `@pulumi/docker` package can be used to build docker images and then push them to e.g. an `ecr` registry or it could pull images from remote registry however I’m wondering: Can I also just push images that I have built locally outside of pulumi? How would I do that? I’d like to have a build that looks like this:
- build my docker images using other tooling
- pulumi up
e
`@pulumi/docker` is using the terraform docker provider (https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs) and it doesn't look like that supports just pushing built images to a registry.
a
Okay, thanks
Do you have some pointers how to best set this use case?
• AWS ECR best practice seems to use one repository per image
• It seems reasonable to setup the ECR repositories and IAM roles etc. using pulumi, as there could also be some policy configuration etc. involved
• Furthermore I’d like to use the docker images for AWS Lambda Functions. This also seems like it should be setup using pulumi
• I’d build the functions outside of pulumi (and it seems like I need to push them to a registry?)
So in this case, would I create two pulumi projects?
1. setup roles & ECR repositories
2. setup lambda functions and reference the ECR repositories
This seems complicated, as it could be a common occurrence to add or remove a new lambda function and with this setup this always has to be synchronized across two stacks.
My build would be a bit complicated then:
1. call the first `pulumi up` to setup the ECR repositories
2. build the function images & push to the repos
3. call the second `pulumi up` to setup and wire the lambda functions
Maybe I misunderstand how this all is supposed to play together 🤔
e
So it might make sense in some cases to have a shared stack for setting up ECR, and then have another stack setup the functions and just refer to the first stack with StackReferences. Other cases it would make more sense to just do everything in one stack. In either case it's not ideal having to do the push to ECR outside of pulumi. That's a bad limitation of the docker provider 😞
Some workarounds you could try. Use the command provider to call your scripts that do the image build and add the push logic to those scripts. Or try using a dynamic provider and use your language's docker SDK to push to ECR. Also do consider raising an issue at https://github.com/pulumi/pulumi-docker with this issue.
a
Okay, thanks for pointing to these resources. The reason I think I have to use two stacks is: The push only works when the ECR repository exists. As I see adding or removing a new ECR repository and lambda function as a regular activity, not just an initial bootstrap step, I thought this would have to happen first.
e
> The push only works when the ECR repository exists.
It should be possible to depend on the ECR repository being created before running the command steps, just add it to the depends_on list.