Docker Support
The Docker Support build feature allows automatically signing in to a Docker registry before the build start.
Adding this feature:
enables the Docker events' monitoring: such operations as
docker pull
anddocker run
will be detected by TeamCity;adds the Docker Info tab to the Build Results page. The tab provides information on Docker-related operations.
The feature also allows:
cleaning up the Docker images;
automatically log in to an authenticated registry before the build and log out of it after the build.
These two options require configuring a connection to a Docker registry:
Docker Images Clean-up
Clean-up of the Pushed Images
If you have a build configuration which publishes images, you need to remove them at some point. You can select the corresponding option and instruct TeamCity to remove the images published by a certain build when the build itself is cleaned up.
It works as follows: when an image is published, TeamCity stores the information about the registry of the images published by the build. When the server clean-up is run and it deletes the build, all the configured connections are searched for the address of this registry, and the images published by the build are cleaned up using the credentials specified in the found connection.
Clean-up of Images on Build Agent
As a part of Free Disk Space build feature, Docker plugin cleans up images which were created by TeamCity builds on this build agent. The docker plugin assumes, that docker images are stored under
/var/lib/docker
on Linux%ProgramData%
directory on Windows$HOME
directory on other systems
The location is important, as the Free Disk Space feature analyzes which disk volumes should be cleaned for the build. If your docker daemon uses a non-standard location for the images/containers, the location can be specified using teamcity.docker.data.path
configuration parameter, preferably in buildAgent.properties
file.
Docker Registry Automatic Login/Logout
If you need to log in to a registry requiring authentication before a build, select the corresponding option and a connection to Docker configured in the Project Settings. Automatic logout will be performed after the build finishes.
Amazon ECR
A connection to Amazon Elastic Container Registry (ECR) allows storing Docker images in private AWS registries. For this, such a connection needs to be selected when adding a Docker Support feature to a build configuration.
Connection settings:
Setting | Description |
---|---|
AWS region | Select an AWS region where the target resources are located. |
Credentials type |
|
IAM role ARN (only for Temporary credentials) | Specify a role to be used for generating temporary credentials. You need to create this role in advance in your AWS console and assign it to all the necessary permissions. |
External ID (only for Temporary credentials) | Specify an external ID. We strongly recommend that you always define it when using temporary credentials. This ensures that only TeamCity will be able to use the specified IAM role. |
Default credential provider chain | Enable this option to automatically find access keys according to the default chain. |
Access key ID | Specify the access key ID. See how to get it here. |
Secret access key | Specify the secret access key. See how to get it here. |
Registry ID | Enter an ID of your registry or AWS account. |