Access Artifactory Securely with Kubernetes

To allow Kubernetes to download images from a secured Artifactory instance (for example, an instance that doesn’t allow anonymous access):

Artifactory User Setup

  1. Create a user in Artifactory to serve as the service principal.
  2. Log into this user and create an API token.

Docker Credentials

With the API token, log into the Docker instance (username is service account username, password is API key):

docker login REPOSITORY_PATH

Once logged in successfully, access the config.json file created to get the token to use.

Kubernetes Token Creation

Upload the following JSON, using the auth token generated above:

kubectl create secret generic artifactory-authtoken \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson

Kubernetes Deployment Reference

Finally, reference the auth token in your Kubernetes deployments:

spec:
  ..
  imagePullSecrets:
  - name: artifactory-authtoken

Troubleshooting

If you’re having issues, make sure the server name used in the deployment and the server name logged in (including port numbers) match.

Reference

https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

Leave a Reply

Your email address will not be published. Required fields are marked *