How to use Nexus 3 as Private Docker Registry?

 Nexus Repository provides universal support for all major build tools.

  • Store and distribute Maven/Java, npm, NuGet, Helm, Docker, p2, OBR, APT, Go, R, Conan components and more.
  • Manage components from dev through delivery: binaries, containers, assemblies, and finished goods.
  • Support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy.
  • Compatible with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more.

Prerequisites

  • Kubernetes cluster (EKS).
  • Helm 3.
  • EFS provisioner with the CSI driver installed.
  • AWS EFS as a persistent volume.
  • AWS S3 bucket to store artifacts.
  • Service account for EKS to access the S3 bucket.

Installing Nexus Repository Manager using Helm Chart

To install the chart:

helm repo add oteemocharts https://oteemo.github.io/charts
helm install sonatype-nexus oteemocharts/sonatype-nexus

In this chart, to enable the docker registry you need to update the following in the values.yaml:

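nexus:
  dockerPort: 5003            # port used for the Docker registry

nexusProxy:
  enabled: false

persistence:
  enabled: true
  accessMode: ReadWriteOnce
  storageClass: efs-sc
  storageSize: 8Gi
  pdName: nexusdata
  volumeId: xxxxxxxxxxxx      # placeholder

serviceAccount:
  create: true
  name: nexus-s3-role
  annotations:
    # IAM role the service account uses to access the S3 bucket (account ID is a placeholder)
    eks.amazonaws.com/role-arn: arn:aws:iam::xxxxxxxx:role/nexus-s3-role

ingressDocker:
  enabled: true
  className: "nginx"
  path: /
  pathType: Prefix
  labels: {}
  annotations: {}
  tls:
    # No certificate is configured for the registry host while this is false.
    # Enable it, with the certificate in secretName, before sending registry
    # credentials over a network you do not control.
    enabled: false
    secretName: nexus-docker-tls
    hosts:
  rules:
    - host: nexus.test.io
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: sonatype-nexus-svc
              port:
                number: 5003   # same port as nexus.dockerPort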

In this configuration, we use an ingress to expose both Nexus and the Docker registry, with port 5003 as the Docker registry port. With this configuration, we can deploy the Helm chart for Nexus Repository Manager OSS to work as a private Docker registry.

Once installed successfully, this is what the home page will look like:

Nexus has a few repositories by default. You can see them under the Browse tab.

There is an admin tab where you can set up policies, security, and much more, depending on the privileges you have. You can create policies using privileges, then create a role and assign privileges to that role. You can also create a user and assign that role to that user.

To create a user, click on the Users tab. Then fill out the details such as ID, first and last name, email, password, the status of the user (active/disabled), and the roles of that user. Then click on the Create local user button.

To create a registry, you need to create a repository, and for that you first need a blob store where all the artifacts will be stored. For Nexus Repository Manager OSS, there are two types of blob stores: S3 and file.

Here, we will create a blob store of type S3 and attach it to the hosted Docker repository.

Creating Repository

Hosted Docker Repository

To create a repository, click on the Repository tab, and under the Repositories section, click the Create repository button. Create a new Docker (hosted) repository and configure it like:

Your private Docker registry is now configured, and you can push Docker images to it. To log in to the Docker registry, you need to add the Docker Bearer Token realm in the Nexus Security -> Realms tab.

You can then log in to the Docker registry with the following docker login command and push Docker images to it:

docker login -u admin nexus.test.io
docker push nexus.test.io/python2:v1

Proxy Docker Repository

A proxy repository proxies everything you download from the official registry, Docker Hub. The next time you download the same dependency, it will be served from the cache in your Nexus. Create a new Docker (proxy) repository and configure it like:

Now you can pull any image through your Docker registry, which proxies it from Docker Hub.

docker login -u admin nexus.test.io
docker pull nexus.test.io/redis:latest

Group Docker Repository

This type of repository groups all private and proxy repositories and gives you a single URL to configure your clients to download from. The group type of repository is only available in the PRO version.

Create a new Docker (group) repository and configure it like:

REST and Integration API

The REST API can be used to integrate the repository manager with external systems. Nexus Repository leverages Open API to document the REST API. To make it easier to consume, we ship Nexus Repository with Swagger UI – a simple, interactive user interface, where parameters can be filled out and REST calls made directly through the UI to see the results in the browser. This interface is available under the API item via the System sub menu of the Administration menu and requires the nx-settings-read privilege to access it. For those who wish to work with the API outside of Nexus Repository, we serve an Open API Document at <nexus_url>/service/rest/swagger.json, which always represents the API available on the running instance and does not require any privilege to access it.
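An added example, not part of the original post or of Sonatype's code: a small Python audit that uses the REST API to check the settings this walkthrough touches (the Docker Bearer Token realm, anonymous access, which accounts hold admin rights, and whether the registry URL is HTTPS). The endpoint paths, the DockerToken realm id, the nx-admin role id and the response field names are assumptions about the Nexus 3 REST API, so confirm them in your instance's Swagger UI; the sample responses are constructed.

```python
import base64
import json
import urllib.request

# Nexus 3 security endpoints (assumed; confirm them in the instance's Swagger UI).
REALMS = "/service/rest/v1/security/realms/active"
ANONYMOUS = "/service/rest/v1/security/anonymous"
USERS = "/service/rest/v1/security/users"

def fetch(base_url, path, user, password):
    """GET one JSON document from the REST API with HTTP Basic auth."""
    req = urllib.request.Request(base_url.rstrip("/") + path)
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def audit(base_url, realms, anonymous, users):
    """Return findings for an instance that should act as a private registry."""
    findings = []
    if not base_url.lower().startswith("https://"):
        findings.append("URL is not HTTPS: docker login sends the password unencrypted")
    if "DockerToken" not in realms:
        findings.append("Docker Bearer Token realm (DockerToken) is not active")
    if anonymous.get("enabled"):
        findings.append("anonymous access is enabled")
    # Login accounts are the active users other than the anonymous account.
    active = [u for u in users if u.get("status") == "active"
              and u["userId"] != anonymous.get("userId")]
    admins = sorted(u["userId"] for u in active if "nx-admin" in u.get("roles", []))
    if admins and len(admins) == len(active):
        findings.append("every login account holds nx-admin (%s)" % ", ".join(admins))
    return findings

def audit_live(base_url, user, password):
    """Fetch the three documents from a running instance and audit them."""
    docs = [fetch(base_url, p, user, password) for p in (REALMS, ANONYMOUS, USERS)]
    return audit(base_url, *docs)

# Constructed sample responses, shaped like a fresh install reached over plain HTTP.
SAMPLE_REALMS = ["NexusAuthenticatingRealm", "NexusAuthorizingRealm"]
SAMPLE_ANON = {"enabled": True, "userId": "anonymous", "realmName": "NexusAuthorizingRealm"}
SAMPLE_USERS = [
    {"userId": "admin", "status": "active", "roles": ["nx-admin"]},
    {"userId": "anonymous", "status": "active", "roles": ["nx-anonymous"]},
]

if __name__ == "__main__":
    for finding in audit("http://nexus.test.io", SAMPLE_REALMS, SAMPLE_ANON, SAMPLE_USERS):
        print("FINDING:", finding)
```

Against a running instance, call audit_live with the registry URL and an account allowed to read the security settings; an empty list means none of the four checks fired.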

Written by 

I am a DevOps engineer with experience working with DevOps tools and technologies like Kubernetes, Docker, Ansible, AWS cloud, Prometheus, Grafana, etc. Flexible towards new technologies and always willing to update skills and knowledge to increase productivity.
