Files
awesome-kubernetes/v2-docs/registries.md

35 KiB
Raw Blame History

Docker Registries. Quay, Nexus, JFrog Artifactory, Harbor and more

!!! info "Architectural Context" Detailed reference for Docker Registries. Quay, Nexus, JFrog Artifactory, Harbor and more in the context of Engineering Pipeline.

Table of Contents

  1. Architectural Foundations
  1. Artifact Management
  1. CICD Pipeline
  1. Container Management
  1. DevOps Platform Choices
  1. DevSecOps and Registry
  1. Infrastructure Security
  1. Market and Strategy
  1. Orchestration and Packaging

Architectural Foundations

Kubernetes Tools

General Reference

Artifact Management

Package Repositories

JFrog Artifactory

  • (2026) JFrog Container Registry [N/A CONTENT] [COMMUNITY-TOOL] — Focuses on the dedicated, free-tier edition of JFrog Container Registry built specifically for Docker, Helm, and OCI image curation. Powered by Artifactory engine mechanics, it delivers high performance and local caching. It offers a solid starting registry for developers transitioning to robust artifact tracking.
  • (2021) JFrog Artifactory: Your Kubernetes Registry [N/A CONTENT] [COMMUNITY-TOOL] — Detailed platform landing page showing how JFrog Artifactory serves as an enterprise-grade Kubernetes container registry. It highlights native support for helm charts, secure repository proxies, and geographical cluster mirroring. This product is a leading commercial solution for robust software artifact management.
  • (2021) jfrog.com: What Artifactory as your kubernetes docker registry means to you [N/A CONTENT] [COMMUNITY-TOOL] — Explores technical benefits of leveraging JFrog Artifactory as a Kubernetes-native registry, detailing how its universal binary repository engine supports multiple environments simultaneously. It covers secure image scanning, remote repository proxy configuration, and integration with Kubernetes cluster pull secrets. This guide assists architects in scaling their application runtimes securely.

JFrog Best Practices

  • (2021) The JFrog journey to kubernetes: best practices for taking your containers all the way to production [N/A CONTENT] [ADVANCED LEVEL] [DOCUMENTATION] [COMMUNITY-TOOL] — An architectural whitepaper addressing modern methodologies and challenges when transitioning containerized systems from development to Kubernetes production. It explores concepts such as immutable builds, metadata tagging, and geo-replication of artifact registries. An essential document for platform architects planning large-scale rollouts.

Nexus

  • (2026) sonatype.com/nexus-repository-oss [JAVA CONTENT] [COMMUNITY-TOOL] — Homepage for Sonatype Nexus Repository OSS, a leading artifact repository manager supporting diverse formats including Maven, npm, Docker, and PyPI. It provides developer platforms with a unified proxy, host, and group layout for secure software development life cycles. As a critical component of CI/CD toolchains, it prevents localized build failures by caching public dependencies.
  • (2026) Nexus Repository Manager (NXRM) 3 🌟 [N/A CONTENT] [ADVANCED LEVEL] [DOCUMENTATION] [COMMUNITY-TOOL] — Comprehensive technical documentation for Sonatype Nexus Repository Manager 3 (NXRM3), covering setup, configuration, API utilization, and integration hooks. It detail operations for configuring high-volume artifact staging, blob store provisioning, and granular security role configurations. It acts as the primary reference manual for platform and security engineering teams implementing modern repository topologies.

Nexus Automation

  • (2021) ==github.com/samrocketman/nexus3-config-as-code== 62 [GROOVY CONTENT] [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — A declarative Groovy-scripted configuration-as-code bootstrap utility designed for automating Sonatype Nexus 3 settings. Live grounding shows this repository has been unmaintained for over four years. While serving as an architectural blueprint for programmatic configuration management, modern operators have largely replaced direct scripting.

Nexus Community

  • (2026) Sonatype Nexus Community 🌟 [N/A CONTENT] [COMMUNITY-TOOL] — The primary ecosystem landing organization for third-party integrations, developer plugins, and extension scripts built around Sonatype Nexus. It serves as a decentralized catalog of community resources. While containing many unmaintained or vintage projects, it represents an outstanding archival codebase for custom integrations.

Nexus Configuration

  • (2019) blog.sonatype.com: Using Nexus 3 as Your Repository Part 3: Docker Images 🌟 [N/A CONTENT] [COMMUNITY-TOOL] — Technical blog post detailing the step-by-step setup of Sonatype Nexus 3 as a private Docker registry. It covers the creation of hosted, proxy, and group Docker repositories to control and optimize image distribution pipelines. The article explains port allocation strategies and security context mechanisms essential for registry configuration.

Nexus Integrations

  • (2020) ==Sonatype Nexus Community: Nexus Kubernetes OpenShift 🌟== 8 [YAML CONTENT] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] [LEGACY] — A community-driven GitHub repository containing Helm charts and manifest configurations designed to deploy Sonatype Nexus in OpenShift environments. Live grounding confirms this repository has been unmaintained for several years and is now marked legacy. Modern deployments should prioritize official Helm charts from the mainstream Sonatype organization for production use.
  • (2018) ==github.com/cinhtau/sonatype-nexus-waffle== 6 [JAVA CONTENT] [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] [LEGACY] — An archived community plugin targeting Windows Active Directory single sign-on (SSO) authentication within Sonatype Nexus. Live grounding confirms it is obsolete, unmaintained, and legacy. Useful primarily as vintage integration code, modern Nexus deployments utilize modern OIDC and LDAP endpoints.

Nexus Operations

  • (2019) hackermoon.com: cleanup old docker images from nexus repository [SHELL CONTENT] [LEGACY] — Explores operational strategies and garbage collection scripts to prune legacy and unused container images from Sonatype Nexus repository databases. Over time, registry storage can bloat; this guide addresses cleanup tasks and configuration of scheduled maintenance tasks. It provides shell commands and API calls to maintain underlying storage health.

Nexus Tooling

  • (2020) ==GitHub: Nexus-CLI== 294 [GO CONTENT] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] [LEGACY] — A command-line interface tool written in Go to interact with and manage Nexus repositories. Real-world grounding shows this repository has had no active maintenance in over four years, pointing to a legacy project. Platform operators should pivot to using official Nexus APIs or modern alternative tooling.
  • (2020) nexus3-cli.readthedocs.io [PYTHON CONTENT] [DOCUMENTATION] [LEGACY] — Documentation portal for a Python-based third-party CLI wrapper targeting Sonatype Nexus 3 APIs. It outlines tasks such as repository setup, user configuration, and image manipulation via CLI scripts. Given modern orchestration shifts toward native declarative operators, this CLI library has transitioned into a legacy tool.

Nexus Tutorials

  • (2021) Devopscube.com: Setup Nexus Kubernetes 🌟 [YAML CONTENT] [COMMUNITY-TOOL] — A detailed walk-through detailing how to install and configure Sonatype Nexus Repository Manager on a Kubernetes cluster. It breaks down persistent volume claims (PVCs), service exposes, and deployment manifest constructs. The guide simplifies the process of establishing a self-managed, centralized artifact cache on top of cloud-native infrastructure.

CICD Pipeline

Integration Tutorials

Jenkins and Nexus

  • (2020) youtube: Jenkins Integration with Nexus [N/A CONTENT] [COMMUNITY-TOOL] [GUIDE] — Video tutorial focusing on the integration of Jenkins CI servers with Sonatype Nexus Repository Manager. It explains plugin configurations, build step triggers, and authentication variables needed to securely push builds to repository hosts. This resource offers a visual walk-through of pipeline configurations.
  • (2020) youtube: uploading artifacts from jenkins to nexus [N/A CONTENT] [COMMUNITY-TOOL] [GUIDE] — Video tutorial demonstrating standard techniques for configuring Maven, Gradle, or shell scripts inside Jenkins pipelines to automate artifact delivery to Nexus targets. It details credential management and pipeline syntax. Perfect for developers transitioning from manual delivery configurations to pipeline-managed deliveries.

OpenShift and JFrog

DevOps Integrations

  • (2020) openshift.com: Using JFrog's Artifactory and Red Hat OpenShift Together [N/A CONTENT] [COMMUNITY-TOOL] — A technical tutorial demonstrating practical steps to configure and run JFrog Artifactory on Red Hat OpenShift container clusters. It guides platform engineers through deployment steps, operator configuration, and cluster-wide pull authorization parameters. It focuses on validating container origin trust within regulated enterprise clusters.

Container Management

Docker Security

Insecure Registries

  • (2020) ==Configure Docker Service To Use Insecure Registry== 48 [MARKDOWN CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] [LEGACY] — A legacy wiki repository explaining systems-level configurations required to allow the Docker daemon to communicate with insecure, self-hosted registries. It highlights modification of systemd services and the daemon.json config file. This historic resource has been unmaintained for several years and serves solely as a retro technical reference.
  • (2018) Running an insecure registry insecure-registry [N/A CONTENT] [COMMUNITY-TOOL] [GUIDE] — Community forum thread detailing user-submitted troubleshooting tips and configuration overrides for the --insecure-registry docker daemon parameter. This historical Q&A addresses common handshake and certificate mapping issues during registry prototyping. Modern security postures mandate avoiding insecure setups in production environments.

P2P Container Distribution

Kraken

  • (2024) ==uber/kraken== 6699 [GO CONTENT] [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] [LEGACY] — Uber's peer-to-peer (P2P) Docker registry designed for ultra-high-throughput image distribution in highly distributed, large-scale container cluster environments. Real-world grounding shows this project is archived and legacy, with the industry shifting toward CNCF Dragonfly. It remains a historical reference for complex peer-to-peer registry orchestration patterns.

DevOps Platform Choices

DevOps Comparison

GitHub vs JFrog

  • (2022) jfrog.com: GitHub vs JFrog: Who Can do the Job for DevOps? [N/A CONTENT] [COMMUNITY-TOOL] — A comparative analysis evaluating the technical capabilities, package registry performance, and CI/CD tools of GitHub (Actions and Packages) versus JFrog's dedicated artifact management ecosystem. It highlights differences in granular access, performance scalability, and enterprise regulatory support. The article advises when to rely on a hybrid model or dedicated artifact platform.

DevSecOps and Registry

Artifact Management (1)

Security Hardening

  • (2025) guides.sonatype.com: secure docker registries [DOCUMENTATION] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Technical guide addressing safe configuration patterns for private container registries. Emphasizes proxy configurations, custom SSL certificate injection, and registry cleanup policies to reduce host storage demands.

CICD Integration

Sonatype Nexus

  • (2025) Nexus Platform Plugin for Jenkins [DOCUMENTATION] 🌟🌟🌟 [COMMUNITY-TOOL] — A comprehensive integration guide for the Sonatype Nexus Platform plugin in Jenkins pipelines. It facilitates automated artifact publishing, component evaluation against security policies, and vulnerability reporting directly within the CI/CD execution pipeline.

Infrastructure Security

Container Registries

Harbor

  • (2026) Harbor [GO CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Harbor is a CNCF Graduated, enterprise-class container registry that secures artifacts with role-based access control, vulnerability scanning (via Trivy), and cryptographic image signing (via Cosign/Notary). It provides multi-tenant capabilities, geographic replication, and advanced audit logging. As a de facto standard for private cloud registries, it is highly adopted globally.

Harbor Automation

  • (2021) ==nicholasamorim/ansible-role-harbor== 26 [YML CONTENT] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — An Ansible role built to deploy and configure Harbor container registries on virtual machine hosts. Real-world grounding shows this project is unmaintained, reflecting a classic VM-centric infrastructure-as-code deployment pattern. Modern container-centric deployments strongly favor Kubernetes-native Helm-based installation paths.
  • (2020) galaxy.ansible.com/mkgin/vmware-harbor [N/A CONTENT] [LEGACY] — An Ansible Galaxy integration hub targeting VMware's deployment instances of the Harbor container registry. This legacy role is built for deploying VM-hosted registries. Modern engineering workflows prioritize containerized cluster deployments instead of Ansible-orchestrated VM-level Harbor runtimes.
  • (2019) mramanathan/ansible-harbor [YML CONTENT] [LEGACY] — A legacy, inactive Ansible playbook repository configured to deploy a Harbor instance. Real-world grounding confirms zero recent updates, classifying it as obsolete. Platform engineers are encouraged to reference standard, actively maintained Kubernetes operator resources or Helm charts instead.

Harbor Installation

  • (2021) goharbor.io: Deploy Harbor with the Quick Installation Script [SHELL CONTENT] [DOCUMENTATION] [COMMUNITY-TOOL] — Step-by-step instructions for deploying a Harbor container registry instance quickly using an automated install script. This setup is highly suited for developer local environments, evaluations, and rapid proof-of-concept deployments. In production environments, enterprise-ready architectures should use the official Harbor Helm Chart instead.

Project Quay

  • (2026) github.com/quay [GO CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — The master GitHub organization for Project Quay, hosting core engines, the Clair container vulnerability scanner, deployment operators, and custom storage connectors. This collective ecosystem delivers advanced container management utilities designed for high-availability environments. It represents the central technical repository for self-hosted, enterprise-ready image registries.

Quay Licensing

  • (2019) Quay 3.1 Certified Operator is not available in Openshift and must be purchased [N/A CONTENT] [DOCUMENTATION] [LEGACY] — Historical reference regarding the commercial positioning and purchasing models of the Red Hat Quay 3.1 Certified Operator within OpenShift ecosystems. While previously highlighting commercial limitations, modern OpenShift ecosystems have integrated operators and community Project Quay alternatives smoothly. This documentation is legacy, detailing enterprise licensing landscapes of the 2019 era.

Quay Operators

  • (2026) ==Quay Community Edition operator== 145 [GO CONTENT] [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — The official Kubernetes Operator designed to automate the lifecycle, database migrations, and SSL termination of Project Quay registries inside OpenShift and Kubernetes clusters. It handles storage setup, migration tracks, and configuration synchronization natively. Utilizing this operator dramatically reduces the operational overhead of running high-availability registry setups.

Quay Releases

  • (2019) Quay 3.0 released in May 2019 [N/A CONTENT] [DOCUMENTATION] [LEGACY] — Announcement documentation marking the release of Red Hat Quay 3.0, introducing Windows Container support and a multi-architecture architecture overhaul. This release solidified Quay's capability to orchestrate high-availability registries across diverse operating system nodes. While conceptually informative, it is categorized as legacy given the continuous evolutionary releases of the v3.x and v4.x lineages in modern production.

Market and Strategy

DevOps Platforms

JFrog Strategy

  • (2021) seekingalpha.com: JFrog Reminds Me Of MongoDB [N/A CONTENT] [COMMUNITY-TOOL] — An external market analysis tracing JFrog's economic trajectory and product adoption patterns, comparing its position in the DevOps ecosystem to MongoDB's disruptive influence in databases. It discusses developer adoption, platform consolidation, and commercial growth. The article presents a non-technical overview of JFrog's platform viability.

Orchestration and Packaging

Helm and GitOps

Artifactory

  • (2025) ==jfrog.com: Kubernetes Helm Chart Repositories 🌟== [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Enterprise guide to leveraging JFrog Artifactory as a secure, high-availability Helm chart repository. Covers repository layout, role-based access control, package versioning, and integration with Kubernetes container execution steps.

💡 Explore Related: Jenkins | Sonarqube | Stackstorm