Docker images can be deployed to Helion Stackato like source code, directly from the Docker Hub or from specific Docker registry servers:
$ stackato push -n --docker-image my.registry.com/namespace/app-name:latest
Helion Stackato fetches the named image (a Docker App) from the Docker Hub or specified registry server and deploys it.
Because certain Docker images can potentially expose a root user and other escalated privileges, Helion Stackato administrators should generally restrict the ability to push Docker images to:
Depending on which restrictions your Helion Stackato administrator has set, an error message describing the restriction may be displayed when you attempt to push an application as an unauthorized user:
Error staging: Need 'allow_sudo' quota to stage and run a Docker app (400)
An error may also be displayed when you attempt to push an unauthorized image:
Error staging: Docker image example/simple-server is not from an allowed registry (400)
You can specify official Docker Hub library images by name, with or without a tag. For example:
$ stackato push --docker-image tomee:8-jre-7.0.0-M1-webprofile
You can also specify images from a particular user or organization by namespace, for example:
$ stackato push --docker-image cloudfoundry/lattice-app
Images from a particular registry server require a fully-qualified URL (without the protocol portion):
$ stackato push --docker-image registry.example.com/user/docker-app:latest
For registries that requires authentication, use the
format to specify credentials:
$ stackato push --docker-image myname:email@example.com/myname/myapp
Administrators can save default credentials for specific servers in the Allowed Registries list. Stackato uses these credentials for a specific registry server, if it is present. However, any credentials specified in the command override the default credentials.
If the registry credentials contain the
ensure that that username and password strings are
Docker apps can be bound to data services like staged
$STACKATO_SERVICES, and URL-based environment
variables are injected into the container and can be read by the application.
For instructions on creating data service instances and binding them to applications,
see the Data Services documentation.
Docker apps do not have staging hooks:, so there is no opportunity to extract and reformat credentials into the format the Docker app expects. To circumvent this issue you can do one of the following:
--envoption of the CLI client, or in the
$PORT environment variable exposed in staged apps is also available
for Docker apps to use for web processes. For example, a
may end with the following line:
ENTRYPOINT /usr/bin/python manage.py runserver 0.0.0.0:$PORT
This parameter serves the web process on a port automatically allocated by Helion Stackato.
If the app's
Dockerfile exposes a single port (for example,
Helion Stackato will forward that port instead.
If there is more than one port exposed in the Dockerfile, the deployment will fail. If there is no process to listen on a port, the docker image will be destroyed.