This command pushes imgpkg bundles, plain Docker images, or Helm charts (for VMware Telco Cloud Automation based product deployments) to the associated registry.
Some important prerequisites:
- It is not recommended to provide registry credentials at the command line. Alternatively,
docker logincan be executed prior to invokingtcxctlfor better security. - For using ECR:
- The AWS credentials must be set in the
~/.aws/configand~/.aws/credentialsfiles. The relevant AWS profile must be exported as an environment variable namedAWS_PROFILE. You can get more details from AWS. - The
ecr:CreateRepositoryandecr:DeleteRepositorypermissions must be assigned to the AWS_PROFILE provided totcxctl. - You do not have to provide
--registry-usernameand--registry-passwordtotcxctl, it is set automatically from theAWS_PROFILE. - The registry URI or URL must have a single sub-path in the suffix. For example:
- Valid:
<your-profile-ID>.dkr.ecr.<aws-region>.amazonaws.com/<project-name> - Invalid:
<your-profile-ID>.dkr.ecr.<aws-region>.amazonaws.com/<project-name>/deployment
- Valid:
- The AWS credentials must be set in the
Support for Non-OCI/OCI registry
PUSH_TO_CHART_REPO variable must set to true for
Chartrepo based registry or else it must be set to
false.
Note:
- Harbor 2.4 and above only supports OCI complaint artifacts.
- Harbor <= 2.3 and >= 2.x supports both chartrepo and OCI.
Examples
- Push artifacts to Harbor:
tcxctl push --artifacts-path /root/tcx-deployer --registry <harbor-registry-fqdn>/<project-name> --registry-password <your-registry-password> --registry-username <your-registry-username> --registry-cert <path-to-your-registry-ca-certificate-file>
- Certificate signed by known authority:
tcxctl push --artifacts-path /Users/tcx-deployer/ --registry <HarborIP>/tcx --registry-password <password> --registry-username <username>
- Self-signed certificate:
- Copy the cert file in /etc/ssl/certs directory.
- If you do not have permission to directory /etc/ssl/certs, then put the cert in any other location where you have access and then follow the procedure:
- Check if trust command is available by running
trust list. If not, then install packagep11-kit-trust. - Run
trust anchor <path-to-cert>:tcxctl push --artifacts-path /Users/tcx-deployer/ --registry <HarborIP>/tcx --registry-password <password> --registry-username <username> --registry-cert <cert_location>
- Check if trust command is available by running
- Push chart to chartrepo in Harbor:
- Harbor 2.4.0 version support chart-repo. If you want to publish chart to chartrepo then set
PUSH_TO_CHART_REPO=truebefore runningtcxctlcommand:export PUSH_TO_CHART_REPO=true tcxctl push --artifacts-path /Users/tcx-deployer/ --registry <registry_url> --registry-password <password> --registry-username <username> --registry-cert <cert_location>
- Harbor 2.4.0 version support chart-repo. If you want to publish chart to chartrepo then set
- Certificate signed by known authority:
- Push artifacts to ECR:
export AWS_PROFILE=<MY-AWS-PROFILE> tcxctl push --artifacts-path /root/tcx-deployer --registry <your-profile-ID>.dkr.ecr.<aws-region>.amazonaws.com/<project-name>
