Artifactory Binary Repository
Repository Permissions
*-public: Read only content is available by everyone without authentication
*-internal: Read only content is available by everyone with authentication
Team can get write permission available for public and internal repository. The team will be able to push artifact to their autorized path only. e.g. docker-internal/project-name/**
API key
- Go to your profile -> Authentication settings
- Create a API key
Note: username is your email and password is the API key
Docker
login
Use
docker login artifactory.thalesdigital.io
# use email and API key to login
docker image URL
\<docker-registry-server>/\<repository>/\<image-url>
- docker-registry-server: artifactory.thalesdigital.io
- repository: in which repository the docker image is stored into artifactory
- image-url: Title from Docker Info when a image is selected
Pull image
docker pull artifactory.thalesdigital.io/docker-internal/k8saas/promalertzendesk:latest
Push image
docker push artifactory.thalesdigital.io/docker-internal/k8saas/nginx:latest
Image naming convention
artifactory.thalesdigital.io/docker-internal/\<\k8saas-or-esaas>/\<subgroup>/\<project-name>[:TAG]
- artifactory.thalesdigital.io: artificatory repository
- docker-internal: repository not public
- subgroup: optional Group images under a logical set.
- k8saas-or-esaas: our subfolder to groups k8saas and essaas docker images
- \<project-name>: distinction between projet
Convertion examples:
Gitlab | artifactory |
---|---|
registry.thalesdigital.io/platform-team-canada/k8saas-innersource/python/reporting/rbac-service | artifactory.thalesdigital.io/docker-internal/k8saas/rbac-service |
$CI_REGISTRY/platform-team-canada/k8saas-innersource/docker-images/pre-commit:0.3.0 | artifactory.thalesdigital.io/docker-internal/k8saas/pre-commit:0.3.0 |
Migrate image from repo
# pull original image
docker pull registry.thalesdigital.io/platform-team-canada/k8saas-innersource/python/reporting/data-service:1.18.0
# tag with the new repository
docker tag registry.thalesdigital.io/platform-team-canada/k8saas-innersource/python/reporting/rbac-service:1.18.0 artifactory.thalesdigital.io/docker-internal/k8saas/rbac-service:1.18.0
# push image in the new repository
docker push artifactory.thalesdigital.io/docker-internal/k8saas/rbac-service:1.18.0
Kaniko
There are 2 ways to provide artifactory credentials to kaniko
- Using auth
ARTIFACTORY_AUTH=$(echo -n $ARTIFACTORY_USERNAME:$ARTIFACTORY_API_KEY | base64 | tr -d "\n")
echo "{\"auths\":{\"$ARTIFACTORY_REPO\":{\"auth\":\"$ARTIFACTORY_AUTH\"}}}" > /kaniko/.docker/config.json - Using username and password
echo "{\"auths\":{\"$ARTIFACTORY_REPO\":{\"username\":\"$ARTIFACTORY_USERNAME\",\"password\":\"$ARTIFACTORY_API_KEY\"}}}" > /kaniko/.docker/config.json
python
to be completed