Use Kubernetes with Artifactory Cloud

JFrog Artifactory Documentation

JFrog Artifactory
Content Type
User Guide

Follow this guide to configure your Kubernetes server with an Artifactory container registry, and be able to pull your images from a private Artifactory registry.

To integrate Artifactory with Kubernetes, you need:

  • An artifactory instance with a configured Docker repository: for more information, see Set Up a Docker Repository.

  • A Kubernetes cluster.

To configure Kubernetes to pull containers from a private Artifactory registry:

  1. For each relevant namespace, create a Kubernetes docker-registry secret for connecting to your Artifactory by running the following command:

    kubectl create secret docker-registry regcred \
    --docker-server=<JFROG-HOSTNAME> \
    --docker-username=<JFROG-USERNAME> \
    --docker-password=<PASSWORD> \
    --docker-email=<EMAIL> \
    --namespace <NAMESPACE>


    Make sure to replace the placeholders with your actual user information: for security reasons, it is best to choose a dedicated user which is not your Artifactory admin and has minimal required permissions.




    Your JFrog hostname URL


    Your JFrog account username


    Your secret or JFrog identity token. Note that you can edit the token scope to restrict access to Artifactory.


    The email address associated with your JFrog account


    Your Kubernetes cluster namespace

    For example:

    ➜  ~ kubectl create secret docker-registry regcred \ \
    --docker-username=read-only \
    --docker-password=my-super-secret-pass \ \
    --namespace my-app-ns
  2. Set up Kubernetes to use the secret to pull images for your workloads. You can do this either for all the workloads in your namespace, or for each workload separately.

    1. To set the secret as default to your namespace (recommended), run the following command to edit your Service Account object and add your secret name into the imagePullSecrets list attribute:


      Make sure to replace the placeholder with your actual Kubernetes namespace

      ➜  ~ kubectl edit serviceaccount default -n <NAMESPACE>
      apiVersion: v1
      kind: ServiceAccount
      - name: regcred
    2. To add the secret to every workload separately, add it into your object manifests and helm charts, see the below example:

      apiVersion: apps/v1
      kind: Deployment
            - image:
            - name: regcred
  3. Test your configuration by running the following command:


    Make sure to replace the placeholder with your actual Kubernetes namespace

    ➜  ~ kubectl get pods -n <NAMESPACE>

    You should get the following response:

    NAME                        READY   STATUS    RESTARTS   AGE
    my-app-57db67b7d5-nr8db   1/1     Running   0          5m

Amazon EKS Integration

If you are using Amazon EKS, you can use JFrog’s seamless integration with AWS AssumeRole which allows JFrog Artifactory to securely serve container images to EKS. For more information, see Empowering Kubernetes Security: JFrog’s Seamless Integration with AWS AssumeRole.

For more information about Artifactory and Kubernetes, see Kubernetes Helm Chart Repositories.