|
Due to limitations of the Docker client, in Artifactory SaaS there is a special configuration for each server with a sub-domain. You need to create a new Docker enabled local repository named Then, use the following address when working with the Docker client: |
When using Artifactory with Docker V1, you need to set your credentials manually by adding the following section to your ~/.docker/config.json
file.
{ "auths" :{ "https://artprod.company.com" : { "auth": "<USERNAME>:<PASSWORD> (converted to base 64)", "email": "youremail@email.com" }, "https://artdev.company.com" : { "auth": "<USERNAME>:<PASSWORD> (converted to base 64)", "email": "youremail@email.com" } } } |
Pushing and pulling images when using Docker V1 is done in the same way as when using Docker V2. Please refer to Pushing and Pulling Images under the Docker Repositories page.
Once you have completed the above setup you should beableuse the Docker client to transparently push images to and pull them from Docker repositories in Artifactory. You can see this in action in the screencast below.
<iframe width="560" height="315" src="https://www.youtube.com/embed/014ZXoJnDys" frameborder="0" allowfullscreen></iframe> |
Artifactory stores docker images in a layout that is made up of 2 main directories:
In addition, Artifactory annotates each deployed docker image with two properties:
Deployed tags are also annotated with two properties:
Artifactory lets you view the complete images tree for a specific image directly from the UI in a similar way to what you would get from the docker images --tree
command.
In the Artifacts module Tree Browser, drill down to select the image you want to inspect. The metadata is displayed in the Docker Ancestry tab.
In the Artifacts module Tree Browser, drill down to select image you want to inspect. The metadata is displayed in the Docker Info tab.
In addition to other properties related to Docker repositories, you can also search for repositories using a property called docker.repoName
, which represents the repository name (e.g., "library/ubuntu").
Promoting Docker images with Docker V1 is done in exactly the same way as when Promoting Images with Docker V2.
We recommend using Docker V2 repositories when possible (provided your Docker client is version 1.6 and above).
If you have an existing Docker V1 repository, you can migrate its content into a V2 repository using the following endpoint with cURL:
POST api/docker/<repoKey>/v1/migrate { "targetRepo" : "<targetRepo>", "dockerRepository" : "<dockerRepository>", "tag" : "<tag>" } |
where:
<repoKey> | Source repository key (For example, docker-local as used in this page) |
<targetRepo> | The target Docker V2 repository to migrate to (For example, docker-local2 as used in this page). The repository should be created before running the migrate endpoint. |
<dockerRepository> | An optional docker repository name to migrate, if null - the entire source repository will be migrated. Default: "" |
<tag> | An optional tag name to promote, if null - the entire docker repository will be promoted. Default: "" |
An example for migrating the docker image "jfrog/ubuntu"
with all of it's tags from docker-local
to docker-local2
using cURL would be:
curl -i -uadmin:password -X POST "http://localhost:8081/artifactory/api/docker/docker-local/v1/migrate" -H "Content-Type: application/json" -d '{"targetRepo":"docker-local2","dockerRepository":"jfrog/ubuntu"}' |
Artifactory natively supports removing tags and repositories and complies with the .
Deletion of Docker tags and repositories automatically cleans up any orphan layers that are left (layers not used by any other tag/repository).
Currently, the Docker client does not support DELETE commands, but deletion can be triggered manually using cURL. Here are some examples:
//Removing the "jfrog/ubuntu" repository curl -uadmin:password -X DELETE "https://artprod.company.com/v1/repositories/jfrog/ubuntu" //Removing the "12.04" tag from the "jfrog/ubuntu" repository curl -uadmin:password -X DELETE "https://artprod.company.com/v1/repositories/jfrog/ubuntu/tags/12.04" |
Any empty directories that are left following removal of a repository or tag will automatically be removed during the next folder pruning job (which occurs every 5 minutes by default). |
From Docker version 1.3.1, you can use self-signed SSL certificates with docker push/pull
commands, however for this to work, you need to specify the --insecure-registry
daemon flag for each insecure registry.
For full details please refer to the.
For example, if you are running Docker as a service, edit the /etc/default/docker
file, and append the --insecure-registry
flag with your registry URL to the DOCKER_OPTS variable as in the following example:
DOCKER_OPTS="-H unix:///var/run/docker.sock --insecure-registry artprod.company.com" |
For this to take effect, you need to restart the Docker service.
If you are using Boot2Docker, please refer to the Boot2Docker documentation for.
If you do not make the required modifications to the --insecure-registry
daemon flag, you should get the following error:
Error: Invalid registry endpoint https://artprod.company.com/v1/: Get https://artprod.company.com/v1/_ping: x509: certificate signed by unknown authority. |
In order to use self-signed SSL certificates with previous versions of Docker, you need to manually install the certificate into the OS of each machine running the Docker client (see |
In addition to NGINX, you can setup Artifactory to work with Docker using Apache.
The sample configuration below configures SSL on port 443 and a server name of artprod.company.com.
|
If you want to use multiple repositories, you need to copy the NGINX configuration and bind different ports to each local repository in Artifactory.
When binding a port other than 443, note that the configuration for the proxy header must be appended with the port number on the proxy_set_header
line.
For example, for a server running on port 444 you should write proxy_set_header Host $host:444
.
When accessing a Docker repository through Artifactory, the repository URL must be prefixed with api/docker in the path.
You can copy the full URL from the UI using Set Me Up when the repository is selected in the Tree Browser.
For example, if you are using Artifactory standalone or as a local service, you would access your Docker repositories using the following URL:
http://localhost:8081/artifactory/api/docker/<repository key>
Also, the domain of your Docker repository must be expressed as an explicit IP address. The only exception is when working locally, you can use the localhost domain name as the proxy pass.
Please refer to the support matrix under Docker Repositories.