Pipeline steps are defined as a series of Docker containers. Each step must therefore define the Docker image used to create the container.
|
|
Drone supports any valid Docker image from any Docker registry:
image: golang
image: golang:1.7
image: library/golang:1.7
image: index.docker.io/library/golang
image: index.docker.io/library/golang:1.7
image: docker.company.com/golang
Pulling Images
If the image does not exist in the local cache, Drone instructs Docker to pull the image automatically. You will never need to manually download or install Docker images.
If the image is tagged with latest, Drone will always attempt to pull the latest version of the image. Configure the runner to only pull the image if not found in the local cache:
|
|
To always pull the latest version of the image:
|
|
To never pull the image and always use the image in the local cache:
|
|
Pulling Private Images
If the image is private you need to provide Drone with docker credentials, sourced from a secret. You can manage secrets in your repository settings screen in the web interface.
First create a secret that includes your Docker credentials in the format of a Docker config.json file. This file may provide credentials for multiple registries.
{
"auths": {
"docker.io": {
"auth": "4452D71687B6BC2C9389C3..."
}
}
}
Next, define which secrets should be used to pull private images using the image_pull_secrets attribute:
|
|
Image Caching Behavior
Kubernetes caches all images that are pulled locally on the node, including private images. Kubernetes does not restrict the use of cached images. An image already in the local cache can be used by any pipeline.
It is therefore possible for a pipeline to pull a private image that is cached by Kubernetes, and for another pipeline to use this image from the cache without having credentials. Keep this in mind when pulling private images in a shared or public environment.