Docker Registries. Quay, Nexus, JFrog Artifactory, Harbor and more

1. Introduction
2. OpenShift Registry
3. Quay Registry
4. Nexus Repository Manager (NXRM) 3
   1. Getting Started
   2. Setup Nexus Kubernetes. Run nexus3 with docker in a kubernetes cluster
   3. Nexus as a Docker repo
      1. Secure Docker Registries
   4. SSL/TLS Certificates
      1. Add Insecure Registry to Docker
   5. Jenkins Integration with Nexus
   6. Nexus 3 Configuration as Code
   7. Nexus CLI
   8. Sonatype Nexus Community
5. JFrog Artifactory
6. Harbor. Cloud native repository for Kubernetes
7. Other Alternatives

Introduction

• A Docker registry is a place to store and distribute Docker images.
• It serves as a target for your docker push and docker pull commands.
• Dzone refcard: Using Repository Managers The Best Way to Organize, Store, and Distribute Software Components
• Dzone Refcard: Binary Repository Management

OpenShift Registry

• docs.openshift.com: Integrated OpenShift Container Platform registry
• cloudowski.com: Openshift ImageStreams
• The registry in OCP4 is now managed by an Operator instead of oc adm registry.

Quay Registry

• Quay.io is a hosted Docker registry from CoreOS:
  • Main features:
    • “Powerful build triggers”
    • “Advanced team permissions”
    • “Secure storage”
  • One of the more enterprise-friendly options out there, offering fine-grained permission controls.
  • They support any git server and let you build advanced workflows by doing things like mapping git branches to Docker tags so that when you commit code it automatically builds a corresponding image.
  • Quay offers unlimited free public repositories. Otherwise, you pay by the number of private repositories. There’s no extra charge for storage or bandwidth.
• Quay 3.0 released in May 2019: support for multiple architectures, Windows containers, and a Red Hat Enterprise Linux (RHEL)-based image to this container image registry.
• Quay 3.1 released in September 2019: The newest Quay feature is repository mirroring, which complements our existing geographic replication features. Repository mirroring reflects content between distinct, different registries. With this, you can synchronize whitelisted repositories or a source registry subset into Quay. This makes it much easier to distribute images and related data through Quay.
• Quay Community Edition operator
• Quay 3.1 Certified Operator is not available in Openshift and must be purchased
• Open Source ProjectQuay.io Container Registry:
  • Red Hat Introduces open source Project Quay container registry
  • github.com/quay
• openshift.com: Keep Your Applications Secure With Automatic Rebuilds

Nexus Repository Manager (NXRM) 3

• sonatype.com/nexus-repository-oss
• Nexus Repository Manager (NXRM) 3 🌟

Getting Started

• Dzone: Getting started with Nexus
• Dzone: Nexus Guide Update January 2018

Setup Nexus Kubernetes. Run nexus3 with docker in a kubernetes cluster

• Sonatype Nexus Community: Nexus Kubernetes OpenShift 🌟
• Devopscube.com: Setup Nexus Kubernetes 🌟
• stackoverflow: run nexus3 with docker in a kubernetes cluster
• https://github.com/jetstack/cert-manager/

Nexus as a Docker repo

• Docker Registry
• blog.sonatype.com: Using Nexus 3 as Your Repository – Part 3: Docker Images 🌟
• Dzone: Setting up a docker private registry with authentication
• sonatype: how to delete docker images from Nexus Repository Manager
• hackermoon.com: cleanup old docker images from nexus repository

Secure Docker Registries

• guides.sonatype.com: secure docker registries
• support.sonatype.com: Using self signed certificates with Nexus Repository Manager and Docker Daemon

SSL/TLS Certificates

• guides.sonatype.com: secure docker registries
• support.sonatype.com: SSL Certificate Guide
• help.sonatype.com: Inbound SSL - Configuring to Serve Content via HTTPS
• nginx.com: Using Free Let’s Encrypt SSL/TLS Certificates with NGINX

Add Insecure Registry to Docker

• Test an insecure registry 🌟
• Configure Docker Service To Use Insecure Registry
• Running an insecure registry –insecure-registry
• Add Insecure Registry to Docker

Jenkins Integration with Nexus

• Nexus Platform Plugin for Jenkins
• Jenkins: Publish Maven Artifacts to Nexus OSS Using Pipelines or Maven Jobs 🌟 Check out how following this tutorial to connect Maven and Nexus OSS can help increase your CI/CD pipelines.
• Continuous Delivery with Sonatype Nexus, Jenkins and the Cloudogu Ecosystem
• youtube: Jenkins Integration with Nexus
• youtube: uploading artifacts from jenkins to nexus

Nexus 3 Configuration as Code

• github.com/samrocketman/nexus3-config-as-code
• blog.mimacom.com/automate-nexus
• github.com/cinhtau/sonatype-nexus-waffle

Nexus CLI

• GitHub: Nexus-CLI
• nexus3-cli.readthedocs.io

Sonatype Nexus Community

• Sonatype Nexus Community 🌟
• Check out the Nexus3 tag on Stack Overflow

JFrog Artifactory

• JFrog Artifactory: Your Kubernetes Registry
• JFrog Container Registry The world’s most advanced, powerful, hybrid Docker and Helm registry. Power your world of Docker without limits.
• The JFrog journey to kubernetes: best practices for taking your containers all the way to production
• jfrog.com: Control Your Kubernetes Voyage with JFrog Artifactory 🌟 5-Step Kubernetes CI/CD Process using Artifactory & Helm
• openshift.com: Cloud DevOps With OpenShift and JFrog
• jfrog.com: JFrog and Docker Partner to Combine the Power of JFrog Artifactory and Docker Hub to Improve Quality, Performance, and Developer Experience for Modern Application Development
• jfrog.com: How I Leaped Forward My Jenkins Build with JFrog Pipelines
• jfrog.com: GitHub vs JFrog: Who Can do the Job for DevOps?
• seekingalpha.com: JFrog Reminds Me Of MongoDB JFrog’s software is similarly disruptive as MongoDB’s, and likewise its cloud offering is growing faster than the overall company.
• jfrog.com: Kubernetes Helm Chart Repositories 🌟
• jfrog.com: What Artifactory as your kubernetes docker registry means to you
• openshift.com: Using JFrog’s Artifactory and Red Hat OpenShift Together

Harbor. Cloud native repository for Kubernetes

• Harbor
• goharbor.io: Deploy Harbor with the Quick Installation Script
• nicholasamorim/ansible-role-harbor
• mramanathan/ansible-harbor Ansible playbook to install and setup Harbor
• galaxy.ansible.com/mkgin/vmware-harbor An Ansible role Installs Harbor from VMware as the dependancies from Docker.
• freesoft.dev: Ansible Role: Harbor API Codifying An Ansible Role to manage Harbor API

Other Alternatives

• uber/kraken P2P Docker registry capable of distributing TBs of data in seconds
• medium.com/swlh: Deploy Your Private Docker Registry as a Pod in Kubernetes In this tutorial, you’ll deploy a TLS-enabled Private Docker Registry as a Pod. This will help you to push your custom-built images to the registry, which later can be pulled by any of the worker nodes.