Trigger for Container Registry that invokes a Serverless Containers container
A trigger for Container Registry invokes a Serverless Containers container when specific events occur with a Container Registry Docker image. The trigger must be in the same cloud as the registry whose events it is subscribed to.
A trigger for Container Registry needs a service account to invoke the container.
For more information about creating a trigger for Container Registry, see Creating a trigger for Container Registry that invokes a Serverless Containers container.
Events for setting up a trigger
Events with Docker images that can be tracked using a trigger:
- Creating a Docker image.
- Deleting a Docker image.
- Creating a Docker image tag.
- Deleting a Docker image tag.
A Docker image is always pushed with a tag (if no tag is specified, Docker automatically assigns the latest tag), meaning the CreateImage event always comes with CreateImageTag. You can add any number of tags to a Docker image by pushing the same image with different tags. In this case, only the CreateImageTag event occurs, without CreateImage.
A tag can be reassigned from one Docker image to another. This happens when you push a new Docker image with a tag that is already used by another Docker image. In this case, the CreateImage event occurs for the new Docker image, and changing the tag triggers two more events: DeleteImageTag (removing the tag from the old Docker image) and CreateImageTag (assigning the tag to the new Docker image).
Deleting a Docker image also deletes all its tags. This is why deleting a Docker image always triggers the DeleteImage event and as many DeleteImageTag events as the Docker image had tags at the time of deletion.
Filtering events
Events are filtered using tags and names of Docker images you push. When using a name and a tag at the same time, filtering is based on the logical AND: for the trigger to fire, the image must match both the name and the tag.
Event batching
Batching settings allow you to send multiple events to a container at the same time. They set an upper limit on the event batch size and accumulation time. For example, if the event batch size is 3, the container can receive batches of 1 to 3 events.
Roles required for the proper operation of a trigger for Container Registry
- To create a trigger, you need:
  - Permission for the service account under which the trigger executes the operation. This permission comes with the iam.serviceAccounts.user and editor roles or higher.
  - The container-registry.images.puller role for the registry whose events are processed by the trigger.
- To run a trigger, the service account needs the serverless.containers.invoker role for the folder with the container to be invoked by the trigger.
Read more about access management.
Container Registry trigger message format
After the trigger is activated, it sends the following message to the container:
{
  "messages": [
    {
      "event_metadata": {
        "cloud_id": "b1gvlrnlw2e6********",
        "created_at": "2020-09-07T11:09:14Z",
        "event_id": "crtpk611vb7g********",
        "event_type": "yandex.cloud.events.containerregistry.CreateImage",
        "folder_id": "b1g88tfl0pl8********",
        "tracing_context": {
          "parent_span_id": "-14915794679********",
          "span_id": "-72326631357********",
          "trace_id": "70e7m4n2********"
        }
      },
      "details": {
        "image_digest": "sha256:45f8f740272f1f2a053eade37d8d************************************",
        "image_id": "crti2c9b************",
        "registry_id": "crt2504s************",
        "repository_name": "crt2504s************/ubuntu",
        "tag": "latest"
      }
    }
  ]
}
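The following is an added example, not code from the original documentation: a sketch of how the invoked container could validate a batch in the format above, pin each image by digest instead of by its mutable tag, and flag the tag reassignment described earlier (DeleteImageTag plus CreateImageTag for the same tag). It assumes that all four event types use the same prefix as the CreateImage sample and that tag events carry the same details fields; the function names, repository name and digests are constructed for illustration.

```python
import re

# Assumption: all four event types share the prefix of the page's CreateImage sample.
PREFIX = "yandex.cloud.events.containerregistry."
KNOWN = {"CreateImage", "DeleteImage", "CreateImageTag", "DeleteImageTag"}
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

def parse_batch(body):
    """Return (events, moved_tags) for one trigger batch; malformed messages are skipped."""
    events = []
    for msg in body.get("messages", []):
        etype = msg.get("event_metadata", {}).get("event_type", "")
        short = etype[len(PREFIX):] if etype.startswith(PREFIX) else ""
        d = msg.get("details", {})
        repo, digest = d.get("repository_name", ""), d.get("image_digest", "")
        if short not in KNOWN or not repo or not DIGEST_RE.fullmatch(digest):
            continue
        # A tag is mutable, so downstream steps get a digest-pinned reference.
        events.append({"event": short, "repo": repo, "tag": d.get("tag"),
                       "pinned": f"{repo}@{digest}"})
    # Tag reassignment: DeleteImageTag on the old image plus CreateImageTag on a
    # different digest for the same repo:tag. Only pairs inside this batch are seen.
    removed = {(e["repo"], e["tag"]): e["pinned"]
               for e in events if e["event"] == "DeleteImageTag"}
    moved = [{"tag": f'{e["repo"]}:{e["tag"]}', "old": removed[(e["repo"], e["tag"])],
              "new": e["pinned"]}
             for e in events
             if e["event"] == "CreateImageTag"
             and removed.get((e["repo"], e["tag"]), e["pinned"]) != e["pinned"]]
    return events, moved

def make_msg(event, digest, tag="latest", repo="crt-example-registry/ubuntu"):
    # Constructed sample message; the repository and digests are placeholders.
    return {"event_metadata": {"event_type": PREFIX + event},
            "details": {"image_digest": digest, "repository_name": repo, "tag": tag}}

OLD, NEW = "sha256:" + "a" * 64, "sha256:" + "b" * 64
SAMPLE = {"messages": [
    make_msg("CreateImage", NEW),
    make_msg("DeleteImageTag", OLD),
    make_msg("CreateImageTag", NEW),
    make_msg("CreateImage", "latest"),  # malformed digest, skipped
    {"event_metadata": {"event_type": "other.Event"}, "details": {}},  # unknown type
]}

if __name__ == "__main__":
    events, moved = parse_batch(SAMPLE)
    print(len(events), "accepted; moved tags:", moved)
```

Because batching limits how many events arrive together, the two halves of a tag reassignment can land in different batches; a handler that must catch every reassignment needs to keep the last seen digest per tag in its own storage.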