Using Gitlab registry with google Jib

Even if it has been there for a long time now and I've even wrote a post about it, Google announced officially JIB few weeks back! Jib is a nice tool that helps automate the packaging of a Java program so that it can be run in the cloud-native environment.

In this post, I'll describe how easy to use gitlab registry with Google Jib.

Gitlab setup!

GitLab Registry is a secure and private registry for Docker images. To start using it, make sure first it's enabled. If not, you need to ask your system administrator to enable GitLab Registry following the documentation. Now you should see the registry tab on the left menu of your gitlab repository.

Next step is to verify your login credentials using: docker login registry.your-gitlab.com using your gitlab username and password.

Jib configuration

The example is a very simple spring boot app that basically does nothing except returning a Hello World!. In addition to the project dependencies, the pom contains the following configuration options for customizing the image build:

...
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <plugin>
                <groupId>com.google.cloud.tools</groupId>
                <artifactId>jib-maven-plugin</artifactId>
                <version>0.9.7</version>
                <configuration>
                <from>
                    <image>gcr.io/distroless/java</image>
                </from>
                <to>
                    <image>registry.gitlab.com/aboullaite/jib-springboot</image>
                </to>
                <container>
                    <jvmFlags>
                        <jvmFlag>-Xms512m</jvmFlag>
                    </jvmFlags>
                </container>
                <ports>
                    <port>8080</port>
                </ports>
                </configuration>
            </plugin>
        </plugins>
    </build>

Google jib uses gcr.io/distroless/java by default as a base image, this can be of course changed. you can also read more about distroless images here.

As I've stated in my previous post, I prefer the combination of Maven setting with Maven password encryption to secure the credentials of my private registries. my setting.xml contains the following inputs for gitlab registry authentication:

   <server>
      <id>registry.gitlab.com</id>
      <username>aboullaite</username>
      <password>{CFQ4E6DU6GtcSTP-}</password>
    </server>

That's pretty much it. now if you run mvn compile jib:build you should notice that Jib created targer/jib-cache folder where jib save it's cache layers as tar files.

Also, GitLab offers simple Registry management. It should container the newly created image:

This was the minimum configuration to setup gitlab registry with google jib to save your java app images. With the combination of Gitlab-CI or any other CI/CD tool, this can be extended to make you CD/CD pipeline more powerful.