ARTIFACTORY: How to proxy a private Google Artifact Docker Registry

ARTIFACTORY: How to proxy a private Google Artifact Docker Registry

AuthorFullName__c
Elumalai Ganesan
articleNumber
000005790
ft:sourceType
Salesforce
FirstPublishedDate
2023-06-15T16:21:08Z
lastModifiedDate
2023-06-15
VersionNumber
1
Introduction:

With the deprecation of Container Registry, Google introduces Artifact Registry as the new solution for hosting images in the gcr.io domain. This article provides a step-by-step guide on how to proxy a private Google Artifact Docker Registry using Artifactory. By configuring a remote repository in Artifactory, users can seamlessly access and manage their Docker images stored in Artifact Registry.

Please note that the following instructions assume familiarity with Google Cloud Platform (GCP) and Artifactory.

Step 1: Creating a Docker Remote Repository in Artifactory

To begin, create a Docker remote repository in Artifactory. Set the URL of the repository to point to the respective region's Artifact Registry endpoint.

The endpoint URLs typically follow the format "https://region-docker.pkg.dev," where the region corresponds to the location where the Docker registry is created (e.g., "https://europe-docker.pkg.dev," "https://asia-south1-docker.pkg.dev").

User-added image


Step 2: Configuring Service Account Permissions

In the GCP UI, navigate to IAM & Admin → Service Accounts. Select the relevant service account and go to the "Keys" tab. Ensure that the chosen service account has the necessary permissions.

Click on "ADD KEY," then select "Create a new key" and choose the JSON format. Save the downloaded JSON file in a convenient location for future use.


User-added image


Step 3: Authenticating the Docker Remote Repository

Authenticate the Docker remote repository in Artifactory using the previously downloaded JSON file. Use the following credentials:

Username: _json_key
Password: <service account key JSON> (copy the contents of the JSON file and paste it as the password)


Note: It is recommended to use a tool like 'cat' to maintain the JSON file's format during the copy-paste process. Copying directly from a browser may lead to authentication issues.

User-added image

Step 4: Pulling Docker Images from Artifact Registry

With the remote repository configured and authenticated, you can now pull Docker images from the Google Artifact Registry. Follow these steps using the Docker client:

a) Perform a docker login against the Artifactory.
docker login artifactoryurl:8082

b) Pull the Docker image from the Google Artifact registry via JFrog Artifactory:
docker pull artifactoryurl:8082/remoterepokey/googleprojectid/googleartifactoryreponame/imagename:tag

In the example command, replace the placeholders with your specific details. For instance:
docker pull artifactoryurl:8082/demo/demo--381308/demo/nginx:latest

Here, "demo" represents the Artifactory remote name, "demo--381308" corresponds to the Google project ID, and "demo" denotes the Artifact Registry repository.