How to Integrate Kubernetes with a Docker Registry
Typically, the applications you deploy into a Kubernetes cluster are packaged as container images. In a Kubernetes environment of any scale, you may have dozens, hundreds or even thousands of different container images to work with.
Kubernetes itself doesn’t manage those images for you. To do that, you need a Docker registry that is integrated with your Kubernetes environment. Docker registries serve as repositories for container images. They make it easy to manage different versions of images for the same container. Advanced registries also provide functionality that scans images for security vulnerabilities. Most registries also provide access control features so that you can place restrictions on who is able to view and deploy images.
Below, we explain how to integrate Kubernetes with a Docker registry, using JFrog Artifactory as an example.
Default Docker registries for Kubernetes
Before diving into how to set up a Kubernetes registry, let’s discuss the relationship between Kubernetes and Docker registries in a little more detail.
Again, Kubernetes itself has no native Docker registry functionality. However, some Kubernetes distributions or services automatically integrate with specific Docker registries. For example, Red Hat OpenShift comes with a default registry. Some of the cloud-based Kubernetes services also integrate natively with container registries hosted in the same clouds.
In general, however, most Kubernetes installations don’t offer registry support out-of-the-box. And even if your Kubernetes environment does feature a native registry integration, you may prefer to use an alternative registry (which is almost always possible to do). There are perhaps a dozen or so production-grade Docker registries available today, each with different features, and the registry that your Kubernetes vendor makes available by default may not be the best one for your needs.
The benefits of Artifactory as a Kubernetes Docker registry
By choosing a Docker registry option like Artifactory to host container images for your Kubernetes environment, you’ll benefit from several features that are not available in many other Docker registries:
- Security: Artifactory offers advanced vulnerability scanning that checks your Docker images layer-by-layer for security risks.
- Local hosting: By supporting locally hosted repositories as well as those running in the cloud, Artifactory gives you maximum flexibility over where and how your Docker images are stored and managed.
- Docker Hub integration: Artifactory can integrate with Docker Hub, a popular public Docker Registry. This integration allows you to access images stored in Docker Hub, while also taking advantage of the security and access-control features that Docker Hub lacks but that are available through Artifactory.
- Flexible artifact hosting: Artifactory can host not just container images, but also Helm charts and a variety of other types of objects. This means that you can use Artifactory to manage virtually any type of artifact you may need to host as part to support your Kubernetes clusters, as well as other environments.
How to use Artifactory as a Docker registry for Kubernetes
Using Artifactory as a Docker registry with Kubernetes is simple. Following are examples of how to get started and what you can do when you integrate Artifactory with Kubernetes.
Setting up Artifactory on Kubernetes
If you want to run Artifactory within your Kubernetes cluster, you can do so easily by using the Artifactory Helm chart.
To deploy the chart, search for and install it in your Kubernetes Web console. Alternatively, install from the command line with:helm repo add jfrog https://charts.jfrog.io
helm repo update
helm upgrade --install artifactory --namespace artifactory jfrog/artifactory
Pulling a Docker image
To pull a Docker image into Kubernetes from Artifactory, first log in to your Artifactory Cloud account:docker login ${server-name}.jfrog.io
Then, pull the image with:docker pull ${server-name}.jfrog.io/{repo-name}/<image name>
Next, to deploy the image in Kubernetes, create a YAML file that defines a pod based on the image, then use “kubectl apply” to create the pod.
Running a CI/CD pipeline on Kubernetes with Artifactory
To automate the deployment of Docker images on Kubernetes when using Artifactory as a Docker registry, you can set up a complete CI/CD pipeline. We outline this process here, but in short, it amounts to:
- Setting up Artifactory in Kubernetes.
- Installing Jenkins in Kubernetes.
- Setting up containers or Helm charts to deploy automatically into Kubernetes using Jenkins pipelines.