Architecture: Integrating the CloudBees Jenkins Platform with Docker Hub 2.0

Docker is an incredibly hot topic these days. Its role in Jenkins infrastructures will soon become prominent as companies discover how Docker fits within their environments, as well as how to use Docker and Jenkins together most effectively across their software delivery pipelines.

The major use cases for Docker in a Jenkins infrastructure are:

• Customize the build environment: Different applications often require different build tools, some of these tools require root permissions to be installed on the build servers (x11/xvfb and Firefox for headless tests such as selenium, ImageMagick...). Jenkins admins once solved this problem by increasing the number of flavors of Jenkins agents, but it was limited by hardware constraints and was not flexible for project teams. The CloudBees Docker Custom Build Environment Plugin and the CloudBees Docker Workflow Plugin offer a new way to solve this challenge with much more flexibility, allowing Jenkins admins to manage only one flavor of Jenkins agents—Docker enabled agents—and let the project team customize their build environment to their needs running their jobs in Docker containers.

• Ship applications as Docker images: More and more applications get shipped as Docker images (instead of war/exe/... files) and the continuous integration platform has to build and publish these Docker images.

For these scenarios, the Jenkins infrastructure needs to access a Docker registry to retrieve/pull the Docker images used on Docker-enabled agents and to store/push the Docker images created by Jenkins builds.

Docker Hub

Docker Hub is the cloud-based registry service offered by Docker, Inc. Docker Hub combines the official registry of public images on which every Docker user relies, with a private registry that will allow the user to manage private images.

Integrating a Jenkins infrastructure with Docker Hub requires architecture decisions that are similar to the decisions made to integrate Jenkins with online services, such as GitHub or BitBucket.

Direct Connectivity from the Jenkins Infrastructure to Docker Hub

The most straightforward solution is to simply open network connectivity (http and https) from the Jenkins agents to Docker Hub.

Architecture: Jenkins infrastructure and hub.docker.com

Connecting the Jenkins Infrastructure to Docker Hub through a Proxy

Several organisations will prefer to secure the connectivity of the Jenkins infrastructure to the outside world with firewalls and proxies.

To do so, it is necessary to declare the HTTP proxy in the configuration of the Docker daemon on each Jenkins agents as documented in Docker Documentation - Control and configure Docker with systemd - HTTP proxy .

Sample /etc/systemd/system/docker.service.d/http-proxy.conf :

[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"

Architecture: Jenkins infrastructure and hub.docker.com through an HTTP proxy

Private Docker Registries behind Firewalls?

This blog post covered how to integrate a Jenkins infrastructure with the Docker Hub public registry service. We will cover in a separate post the integration of a Jenkins infrastructure with a private registry, behind a firewall.

Accessing the Docker Hub Registry in Jenkins Jobs

To see how to access the Docker Hub registry and to manage your credentials in Jenkins jobs, please read Nicolas De Loof's blog post Docker Hub 2.0 Integration with CloudBees Jenkins Platform and watch the screencast:

Cyrille Le Clerc
Product Manager
CloudBees

Cyrille Le Clerc came to CloudBees from Xebia, where he was CTO and architect. Cyrille was an early adopter of the “You Build It, You Run It” model, thus naturally embraced the DevOps culture. Cyrille is very active in the Java community, is the creator of the embedded-jmxtrans open source project and is a speaker at conferences.