How to publish Docker images on a private Sonatype Nexus Repository using Jib Maven plugin

June 08, 2020 By Awkash Agrawal

5 minute read time

In this exercise, we are going to learn how to publish Docker images to a private Sonatype Nexus Repository with the help of the Maven Jib plugin. Until recently, you had to install the Docker daemon on the box from where you want to generate Docker images. The Jib plugin allows you to build the Docker image without installing Docker daemon. This is important for build machines using task managers like Jenkins and Teamcity, as setting up Docker is another extraneous step.

There are certain occasions during which you may want to publish your images into a private repository instead of a public repository like Docker Hub. Sonatype Nexus Repository comes into the picture here as it can host all types of artifacts starting from jar, Docker images, npm packages, and more. This exercise assumes you have basic knowledge about Docker and repositories. We will first set up the Sonatype Nexus Repository on a local box followed by setting up the build process to publish the image to the same repository.

Glossary

This glossary will help you with the related concepts in case you are completely unfamiliar.

Docker

Docker is a lightweight container used for publishing apps with the entire ecosystem packaged in a single bundle.

Jib

Jib is a framework to build and compile Docker images with and without the Docker daemon available on system. There are two plugins available for this, one for Maven and the other for Gradle. In this exercise, we are going to use the Jib Maven plugin to publish a Docker image.

Sonatype Nexus Repository

Sonatype Nexus Repository OSS is a repository manager tool, used for hosting various types of artifacts like jar, npm packages and Docker/OCI images.

Prerequisite

There are some prerequisite for this tutorial to be completed.

1. Download Nexus from below location, you need to choose your operating system version.

2. Extract it to a location; call it  install_location for example.

3. Start Nexus by running this command as administrator.

If step three fails due to port conflict, there will be a file created by Nexus Start called nexus.properties at:

install_location\sonatype-work\nexus3\etc\nexus.properties

You need to change the port to any port non-conflicting port 9081. Note this file will be created only when Nexus starts up successfully.

4. Login to Nexus as admin. Your password is in the admin.password file that gets created after the Nexus start up. You need to find the default password for admin, which you can find at this location.

Once you login to the system, click on the "Go to repositories" tab from the left menu and click the "Create repository" button shown below.

CreateRepository

Create a repository

In the second screen, please select "Docker hosted" as a recipe type.

Docker Hosted Recipe

Docker hosted recipe

Now enter the registry name and the HTTP port and keep the rest as default and click on the "Create repository" button at the bottom part of the screen. This HTTP port is used in pom.xml for publishing.

Repository Connectors

Steps

Now go to https://start.spring.io/ and download a basic Spring Boot app with Maven as the build tool.

Download Spring Boot app

Download Spring Boot app

You also need to have Maven configured in your classpath or use the  mvnw  command.

Now open the Spring Initializer project in the editor of your choice. I used Visual Studio Code but you can use any one.

We need to add the below things to pom.xml of the project. Jib plugin and right entries for the Docker registry that we created in the prerequisite section. Config part is very important as this step will make or break this exercise.

Find the plugins section under pom.xml and add the below entry to the pom.xml. Note you need to change the password to the same as what you created when setting up Nexus.

HTML

Save the file and run the below command from the command line, under the directory where you extracted the Spring Boot application.

mvn compile jib:build -DsendCredentialsOverHttp=true -Djib.httpTimeout=0

The above command will build your first Docker image without installing the Docker daemon on your machine and push the to the Nexus repo. The flag  httpTimeout  is worth mentioning as by default value for this in 2 seconds usually repos take longer than this, I kept it to infinite. The flag  SendCredentialsOverHttp  is used for allowing HTTP and authentication needs as Jib use HTTPS and credshelper . Here, the idea is to get things started and see things end to end.

By completion of this exercise you have learned setting up a Nexus repository manager running over HTTP. You also learned how to create a Docker repo under Nexus. Lastly, we modified pom.xml to publish the Docker images during the build process to the Nexus repo using Jib plugin. The image built can be used by any Docker client to be run on his/her machine with the help of the  docker run  command.

Originally published at DZone.

Tags: AppSec, Docker, Maven, jenkins, Jib

Written by Awkash Agrawal

Awkash is a developer advocate. He helps developers, QA, and DevOps people reach their true potential, unblocking them so that they can achieve goals faster. "I love to explore latest technologies and manage large teams. I believe technology should be simple otherwise it is hard to adopt and survive. My specialties are in polyglot modern systems such as Java, Spring, Cloud, Docker, Angular, and CI/CD."