Docker

Overview

Docker is a platform that lets you develop, ship, and run applications in environments called containers. Containers allow you to run applications consistently with all dependencies across different environments.

JFrog Fly supports OCI (Open Container Initiative) native images, ensuring compatibility across container tools like Docker, Docker Buildx, and Podman.

Integrating Docker with JFrog Fly allows you to manage your images and releases from source code to production in a simple and native way, directly from your IDE.

Supported Clients

JFrog Fly supports container images built with:

  • Docker CLI (docker build, docker push, docker pull) - The standard Docker command-line interface for building and managing container images

  • Docker Buildx (docker buildx build --push) - Docker’s extended build capabilities with BuildKit, supporting multi-platform images (e.g., amd64 and arm64), improved caching, and advanced build features

  • Podman (podman build, podman push, podman pull) - Daemonless container engine, fully compatible with Docker images

All tools push and pull images using the same registry format, so images built with any tool are fully compatible.

Upload / Push Image

With Fly App

Activate Docker in your Fly App to automatically authenticate, then push your image:

docker push <your-fly-subdomain>.jfrog.io/docker/my-image:latest

Manual Configuration

1. Generate an access token in Fly Token Management

2. Login to Docker:

docker login <your-fly-subdomain>.jfrog.io -u <your-fly-username> -p <your-fly-token>

3. Push your image:

docker push <your-fly-subdomain>.jfrog.io/docker/my-image:latest

Download / Pull Image

With Fly App

Activate Docker in your Fly App to automatically authenticate, then pull your image:

docker pull <your-fly-subdomain>.jfrog.io/docker/my-image:latest

Manual Configuration

1. Generate an access token in Fly Token Management

2. Login to Docker:

docker login <your-fly-subdomain>.jfrog.io -u <your-fly-username> -p <your-fly-token>

3. Pull your image:

docker pull <your-fly-subdomain>.jfrog.io/docker/my-image:latest

From Public Registry

Activate Docker in your Fly App (or login manually as shown above), then pull from public registries.

When you pull an image that isn’t in your Fly Registry, JFrog Fly automatically fetches it from DockerHub and caches it for future use.

docker pull <your-fly-subdomain>.jfrog.io/docker/nginx:latest

Push/Pull Images with CI

To push and pull Docker images with CI, update your GitHub Actions workflow to include the Fly action.

Simply type in your IDE the prompt: “Configure my workflows with Fly” and Fly MCP will configure your GitHub Actions workflow yml file, as follows:

1. Add permissions (top level, after on:):

permissions:
  contents: read
  id-token: write

2. Add Fly Action (after package manager setup steps like actions/setup-node, before artifact operations like npm install, docker push):

- name: JFrog Fly - Configure all your package managers to work with Fly registry
  uses: jfrog/fly-action@v1
  with:
    url: https://<your-fly-subdomain>.jfrog.io

3. Name your image using your Fly registry path: <your-fly-subdomain>.jfrog.io/docker/my-app:tag

GitHub Action Example

name: Build and Push Docker Image

on:
  push:
    branches: [main]

permissions:
  contents: read
  id-token: write

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: JFrog Fly - Configure all your package managers to work with Fly registry
        uses: jfrog/fly-action@v1
        with:
          url: https://<your-fly-subdomain>.jfrog.io

      - name: Build Docker image
        run: docker build -t <your-fly-subdomain>.jfrog.io/docker/my-app:${{ github.sha }} .

      - name: Push Docker image
        run: docker push <your-fly-subdomain>.jfrog.io/docker/my-app:${{ github.sha }}

Deployment to Runtime

To deploy your Docker image to your runtime environment, you need a Fly image secret. If you don’t have one:

  • Option A: Prompt in your IDE to deploy the image, and Fly MCP will add the token in a secure way
  • Option B: Generate a new token in Fly Token Management and add it to your Kubernetes cluster or other container orchestration platform

Pull Docker Secret to K8s

Here’s an example of how to create an image pull secret with your Fly credentials:

kubectl create secret docker-registry <secret-name> \
  --docker-server=<your-fly-subdomain>.jfrog.io/docker \
  --docker-username=<your-fly-username> \
  --docker-password=<your-fly-token> \
  --namespace=<namespace>

Note: Replace <secret-name> with any name you choose (e.g., fly-registry-secret). Use <your-fly-username> and <your-fly-token> from Fly Token Management.

Use the Fly Registry image path in your deployment: <your-fly-subdomain>.jfrog.io/docker/<image-name>:<tag>

Example: acmecorp.jfrog.io/docker/payment-service:v2.3.1

Back to Package Types →