Multi-arch Docker image deployment using CDK Pipelines

0

I'd like to build a multi-architecture Docker image, push it to the default CDK ECR repo, and then push it to different deployment stages (stacks in separate accounts) using CDK Pipelines. I create the image using something like the following:

IMAGE_TAG=${AWS_ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com/cdk-hnb659fds-container-assets-${AWS_ACCOUNT}-${REGION}:myTag
docker buildx build --progress=plain \
	--platform linux/amd64,linux/arm64 --push \
	--tag ${IMAGE_TAG} \
	myDir/

This results in three things pushed to ECR, two images and an image index (manifest). I'm then attempting to use the cdk-ecr-deployment to copy the image to a specific stack, for example:

cdk_ecr_deployment.ECRDeployment(
    self,
    "MultiArchImage",
    src=cdk_ecr_deployment.DockerImageName(f"{cdk_registry}:myTag"),
    dest=cdk_ecr_deployment.DockerImageName(f"{stack_registry}:myTag"),
)

However, this ends up copying only the image corresponding to the platform running the CDK deployment instead of the 2 images plus manifest. There's a feature request open on cdk-ecr-deployment to support multi-arch images.

I'm hoping someone might be able to suggest a modification to the above or some alternative that achieves the same goal, which is to deploy the image to multiple environments using CDK Pipelines. I also tried building the images + manifest into a tarball locally and then using the aws_ecr_assets.TarballImageAsset construct, but I encountered this open issue when attempting the deployment locally. I'm not sure if the TarballImageAsset supports a multi-arch image, as it seems like the DockerImageAsset doesn't. Any ideas?

1 Answer
0

In case this might be useful for anyone else who stumbles on this... My solution ended up being to just not rely on CDK for the docker build. I have a CDK Pipeline that builds a multi-arch image using docker buildx as part of the "synth" step in AWS CodeBuild before the CloudFormation templates are synthesized. See this link for how to get buildx working in AWS CodeBuild.

That image (really two images and a manifest) is pushed to a staging repository that's created by the pipeline stack, similar to how CDK uses a dedicated assets repo for its Docker builds. Then after each stage in my pipeline is deployed, a "post" CodeBuildStep runs that uses the skopeo CLI to copy the image from the staging repo to a dedicated ECR repo for each stage. This is essentially what cdk-ecr-deployment does for you if you're not dealing with a multi-arch image.

answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions