Docker Registry
To be able to create and publish docker images we need to use a Docker Registry.
By default Jenkins X ships with a Docker Registry which is included in the system namespace for Jenkins X along with Jenkins and Nexus. Since this docker registry is running inside your kubernetes cluster and is used internally inside your cluster its hard to expose it via HTTPS with self signed certificates - so we default to using insecure docker registries for the IP range of service IPs in your kubernetes cluster.
Using a different Docker Registry
If you are using the public cloud you may wish to take advantage of your cloud providers docker registry; or reuse your own existing docker registry.
If you are using Static Jenkins Master
To specify the Docker Registry host/port you can use the Jenkins Console:
jx console
Then navigate to Manage Jenkins -> Configure System and change the DOCKER_REGISTRY environment variable to point to your docker registry of choice.
Another approach is to add the following to your values.yaml file for your customization of the Jenkins X platform helm charts:
jenkins:
Servers:
Global:
EnvVars:
DOCKER_REGISTRY: "gcr.io"
Update the config.json secret
Next you will need to update the config.json secret for docker.
You can do this via the jx create docker auth command line tool:
jx create docker auth --host "foo.private.docker.registry" --user "foo" --secret "FooDockerHubToken" --email "fakeemail@gmail.com"
If you create a config.json file for your docker registry provider. e.g. for GCR on Google Cloud its probably something like:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud"
}
}
For AWS its more like
{
"credsStore": "ecr-login"
}
Then to update the jenkins-docker-cfg secret you can do the following:
kubectl delete secret jenkins-docker-cfg
kubectl create secret generic jenkins-docker-cfg --from-file=./config.json
NOTE that the file must be called config.json as the file name is used in the key of the underlying Secret in kubernetes
Using Docker Hub
If you want to publish images to docker hub then you need to modify your config.json as described above to something like:
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "MyDockerHubToken",
"email": "myemail@acme.com"
}
}
}
Using jFrog BinTray (Artifactory)
Using the jFrog BinTray as a private registry is possible. This has only been tested when creating a new cluster and passing the --docker-registry=private-reg.bintray.io. After creating your cluster, you will want to do the following:
Delete the existing
Secretcalledjenkins-docker-cfgby executingkubectl delete secret jenkins-docker-cfgCreate a local file called
config.jsonand its value should be in this format (update values based on your registry user account and FQDN).{ "auths": { "https://private-reg.bintray.io": { "auth": "username:password (base64 encoded)", "email": "myemail@acme.com" } } }Create the new
jenkins-docker-cfgSecretwith the contents of theconfig.jsonas follows:kubectl create secret generic jenkins-docker-cfg --from-file=./config.json
That should do it, you should now be able to run pipelines and store images in the jFrog BinTray Registry.
Mount a Secret for your registry
Your docker registry will require a Secret to be mounted into the Pod Templates.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.