Docker Image Deployment

Instructions below describes how you can deploy a docker image based application using shipa.

Creating a Sample Application using docker image



You can deploy application to a target cluster in a namespace using set of policies (framework). To do this you should create environment, for details see: Managing Environments

As part of this example, we create an application called bulletinboard:

shipa app deploy bulletinboard -t shipa-admin-team -k shipa-framework -i

Once the command above has been executed, all available applications using the app list command are listed.

shipa app list
| Application   |Status     | Shipa Managed | Address                              |
| bulletinboard | 1 running |     true      ||

You can deploy an existing Docker image using Shipa's dashboard or the Shipa CLI as shown below:

The application is available through the Address provided in the output of the app list command once the deployment is complete.

Private Registry

For private registries, in the UI, you can specify a registry username and registry token/password in the Application Deployment prompts.

If leveraging the CLI, you can pass the --private-image flag and the CLI will interactively prompt you for the credentials or you can export the following into environment variables.

export SHIPA_REGISTRY_USERNAME="arn:aws:iam::123456789:user/bacon"
export SHIPA_REGISTRY_PASSWORD="abcdefg#/abcdefg#/"
shipa app deploy -i * -a bulletinboard --private-image

Alternative you can setup docker credentials for set of frameworks. This allows application deployment from private registries without providing credentials.

shipa credential add dockercreds --provider docker --framework framework1 --path ~/.docker/config.json

Once setup deploy images from your private docker repositories whose secrets are defined in docker config.json. Here is a sample docker config.json for, Google container registry (GCR), github container registry (GHCR), and Amazon container registry (ECR):

    "auths": {
        "": {
            "auth": "base64-secret"
        "": {
            "auth": "base64-secret"
        "": {
            "auth": "base64-secret"
        "": {
            "auth": "token"
        "": {}
    "credHelpers": {
        "": "gcloud",
        "": "gcloud",
        "": "gcloud",
        "": "gcloud",
        "": "gcloud",
        "": "gcloud"
    "experimental": "disabled",
    "stackOrchestrator": "swarm",
    "currentContext": "desktop-linux"

Google Cloud Artifact Registry

If you are using Artifact Registry as your Private Container Registry of choice as well as a Service Account created via IAM with the roles/artifactregistry.reader Role, here is how you can connect your Application via the following:

Artifact Registry Authentication

gcloud auth print-access-token \
    --impersonate-service-account ACCOUNT | docker login \
    -u oauth2accesstoken \

Via the Shipa UI, you can pass in the following fields:


Deployment Source: Private Registry
Image URL: <artifact-registry-region><repository>/<image>:<image_tag>
Registry Username: oauth2accesstoken
Registry Secret: $(gcloud auth print-access-token --impersonate-service-account *