Docker Buildkit Pulumi Provider
A Pulumi provider that builds and pushes a Docker image to a registry using Buildkit.
Motivation
Why use this provider over the official pulumi-docker provider? This provider fixes many of the bugs with the official Docker provider:
-
pulumi preview
does not silently block while waiting for the Docker image to build. - Output from
docker build
streams to the terminal duringpulumi up
. -
docker build
is not invoked if nothing in the build context has changed. - Changes to the build context cause a diff to appear during
pulumi preview
.
It also provides several new features:
- Support for cross-building images (e.g., building a
linux/arm64
image on alinux/amd64
host.) - Automatic inline caching.
There are a few limitations though. The Image
resource is much less
configurable than the
Image
resource in
the official Docker provider. And there is no support whatsoever for the other
resource types, like Container
or Secret
.
Usage example
To build and push an image to an AWS ECR repository:
import base64
import pulumi
import pulumi_aws as aws
import pulumi_docker_buildkit as docker_buildkit
def get_registry_info(registry_id):
credentials = aws.ecr.get_credentials(registry_id)
username, password = base64.b64decode(credentials.authorization_token).decode().split(":")
return docker_buildkit.RegistryArgs(
server=credentials.proxy_endpoint,
username=username,
password=password,
)
repo = aws.ecr.Repository("repo")
image = docker_buildkit.Image(
"image",
name=repo.repository_url,
registry=repo.registry_id.apply(get_registry_info),
)
Warning: Be sure to aggressively exclude files in your .dockerignore
. The
Image
resource hashes all files in the build context before determining
whether to invoke docker build
. This is fast, unless you have tens of
thousands of files in your build context. The .git
directory and
node_modules
are the usual culprits.