What Are Artifactory and Docker?
Artifactory is a binary repository manager that allows developers to store, share, and manage software binaries and build artifacts. It is used in continuous integration and continuous deployment (CI/CD) pipelines to ensure reliable delivery of software. By supporting various package formats and integrating with major build tools, Artifactory handles binaries throughout the software development lifecycle.
Docker is a platform for developing, shipping, and running applications in containers. Docker containers allow applications to run consistently across different environments by bundling application code with its dependencies. This concept changed how software is built and deployed, offering rapid, reliable development cycles.
Benefits of Integrating Artifactory with Docker
Integrating Artifactory with Docker provides a solution for managing Docker images throughout the software development lifecycle. This integration optimizes storage, improves security, and simplifies CI/CD workflows, enabling teams to maintain reliable and efficient development and deployment processes.
Here are some key benefits of combining Artifactory and Docker:
- Centralized storage and version control: Integrating Artifactory with Docker provides a centralized storage location for Docker images, allowing teams to manage versions and dependencies. Artifactory tracks all image versions, making it easier to revert, update, or audit changes in Docker images across the software lifecycle. This setup also prevents duplication and minimizes storage overhead by utilizing Artifactory’s deduplication capabilities.
- Enhanced security and access control: Artifactory offers fine-grained access controls for Docker images, enabling organizations to set permissions at the user, group, and repository levels. This control mechanism strengthens security by allowing only authorized users to access Docker images. Artifactory’s support for vulnerability scanning ensures that any vulnerabilities in Docker images are detected early, reducing security risks in production environments.
- Simpler CI/CD pipeline: By integrating Docker and Artifactory, teams can automate Docker image storage, retrieval, and deployment within CI/CD pipelines. Artifactory’s integration with CI/CD tools (e.g., Jenkins, GitLab CI) allows images to be pushed and pulled as part of build and deployment processes without manual intervention, accelerating build times and ensuring consistency across different stages of development.
- Efficient caching and faster build times: Artifactory enables efficient caching of Docker images, reducing the time and bandwidth needed to pull frequently used base images. Caching helps optimize builds by ensuring that commonly used dependencies are readily available, significantly cutting down build times, especially in large, multi-stage builds.
- Disaster recovery and backup capabilities: Artifactory offers backup and replication capabilities, allowing Docker images to be replicated across multiple locations. This increases redundancy and supports disaster recovery by ensuring images are recoverable in case of data loss or corruption.
Tutorial: Getting Started with Artifactory Using Docker
This tutorial provides an overview of how to set up and work with Docker images in Artifactory. These instructions are adapted from the Artifactory documentation.
Set Up a Docker Repository
To set up a Docker repository in Artifactory, follow these steps:
1. Define the Repository
Artifactory supports three types of Docker repositories:
- Local repositories: For internal Docker images, acting as private Docker registries within the organization. To create a local repository, go to Administration > Repositories > Local, select Docker, and configure the settings, including the Docker API version (set to V2) and unique tag limits.
- Remote repositories: To proxy external Docker resources like Docker Hub, set up a remote repository via Administration > Repositories > Remote. For Docker Hub, use https://registry-1.docker.io/ as the URL and ensure token authentication is enabled. Set authentication credentials to avoid pull rate limits and enable Foreign Layers Caching if needed.
- Virtual repositories: These aggregate both local and remote repositories, allowing a single endpoint for image access. In Administration > Repositories > Virtual, select Docker, choose a repository key, and specify the repositories to include. You can also set a default deployment target for image uploads.
2. Configure Repository Naming and Access
When naming Docker repositories in Artifactory, avoid underscores, as Docker clients cannot connect to registries with underscores in the name. Use hyphens or dots instead, such as test.docker.repo.
3. Set Repository Path and Domain for Remote Access
To access a remote Docker repository in Artifactory, prepend the repository URL with api/docker, like http://my-site:8081/artifactory/api/docker/<my_repository_key>. This ensures proper routing and access to remote images through Artifactory.
Promote Docker Images
Promoting Docker images is useful for managing images across different environments, such as from a development to a production repository. This ensures that the exact image that passed testing and CI checks is the one deployed in production, removing the need to rebuild images multiple times.
In Artifactory (version 7.94.1 and above), the image promotion process follows OCI tag validation by default. To disable this validation, update the system configuration by setting artifactory.docker.filter.digests.from.tags.list.enabled to false.
To promote an image, use Artifactory’s REST API POST endpoint. Below is the syntax for promoting images using cURL:
curl -i -uadmin:password -X POST "https://artprod.company.com/api/docker/<repoKey>/v2/promote" \
  -H "Content-Type: application/json" \
  -d '{
    "targetRepo": "<targetRepo>",
    "dockerRepository": "<dockerRepository>",
    "tag": "<tag>",
    "targetTag": "<targetTag>",
    "copy": <true | false>
  }'
Key points about this configuration:
- repoKey: Source repository key where the image is stored.
- targetRepo: Target repository for the image.
- dockerRepository: Name of the Docker repository to promote.
- tag: The image tag to promote (optional, default is latest).
- targetTag: New tag for the promoted image, if applicable.
- copy: Set to true to copy the image; set to false to move it.
Example Commands:
Basic promotion: To move all tags of an image from staging-local to production-repo:
curl -i -uadmin:password -X POST "https://artprod.company.com/api/docker/staging-local/v2/promote" \
  -H "Content-Type: application/json" \
  -d '{"targetRepo":"production-repo","dockerRepository":"examplecorp/nginx"}'
Promotion with retagging: To promote examplecorp/nginx:1.5.2 and retag it as stable:
curl -i -uadmin:password -X POST "https://artprod.company.com/api/docker/staging-local/v2/promote" \
  -H "Content-Type: application/json" \
  -d '{"targetRepo":"production-repo","dockerRepository":"examplecorp/nginx", "tag": "1.5.2", "targetTag": "stable"}'
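The same promotion call, as an added example that is not taken from the original page or from the Artifactory documentation: it builds the request with an access token sent as a Bearer header instead of a password on the command line, and compares manifest digests so a pipeline can confirm that the promoted tag is the byte-identical image that was tested. The `ARTIFACTORY_TOKEN` variable name, the function names, and the explicit-tag and copy-by-default policies are assumptions of this example.

```python
import hashlib
import json
import os
import urllib.request


def build_promote_request(base_url, repo_key, target_repo, docker_repository,
                          tag, target_tag=None, copy=True, token=None):
    """Build (without sending) the promotion POST shown above."""
    # ARTIFACTORY_TOKEN is a hypothetical variable name chosen for this example.
    token = token or os.environ.get("ARTIFACTORY_TOKEN")
    if not token:
        raise ValueError("no access token supplied")
    if not tag:
        # Example policy: promote one tested tag, never a whole repository.
        raise ValueError("an explicit tag is required")
    for key in (repo_key, target_repo):
        if "_" in key:  # naming rule from the repository setup section
            raise ValueError(f"repository key {key!r} contains an underscore")
    body = {"targetRepo": target_repo, "dockerRepository": docker_repository,
            "tag": tag, "copy": copy}
    if target_tag:
        body["targetTag"] = target_tag
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/api/docker/{repo_key}/v2/promote",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
    )


def manifest_digest(raw_manifest: bytes) -> str:
    """Registry digest: SHA-256 over the exact manifest bytes as served."""
    return "sha256:" + hashlib.sha256(raw_manifest).hexdigest()


def same_image(source_manifest: bytes, promoted_manifest: bytes) -> bool:
    """True only if the promoted tag resolves to the byte-identical manifest."""
    return manifest_digest(source_manifest) == manifest_digest(promoted_manifest)
```

Send the returned request with `urllib.request.urlopen`, then fetch the manifest of the source and target tags and pass the raw response bodies to `same_image`.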
TIPS FROM THE EXPERT
In my experience, here are tips that can help you better integrate Docker and Artifactory in a robust and scalable way:
- Use immutability in production repositories: Enforce immutability on Docker images in production repositories to ensure image integrity and prevent accidental overwrites. This helps in maintaining consistency, as production images will always match tested artifacts.
- Optimize network latency for Docker pulls and pushes: If your teams are distributed across different regions, configure Artifactory’s edge nodes to cache frequently pulled Docker images. This reduces latency and network congestion for remote teams accessing images and improves pull times.
- Automate vulnerability scanning with custom thresholds: Configure Artifactory’s vulnerability scanning to auto-fail builds or flag artifacts that exceed a set threshold of vulnerabilities. This automated alerting can be configured to send notifications or open issues in tracking systems, maintaining security without manual intervention.
- Enable repository quotas to prevent overutilization: Set quotas for each Docker repository to avoid storage overutilization, especially in environments with high image churn. Alerts can be configured when approaching quota limits, prompting admins to perform cleanups or upgrade storage if necessary.
- Implement tag retention policies based on environment: Use different tag retention policies for development, staging, and production repositories. For example, keep fewer historical tags in development to save space, but maintain more versions in production for audit and rollback purposes.
Push and Pull Docker Images
To push and pull Docker images using Artifactory, follow these steps to configure the Docker client and manage both standard and multi-architecture images.
1. Configure Docker Client for Push and Pull Commands
To get the specific push and pull commands for the repository, navigate to Artifactory > Artifacts > Artifact Repository Browser in the Application module and select Set Me Up. This option provides the correct docker push and docker pull commands based on the repository’s configuration.
2. Push the Docker Images to Artifactory
To push Docker images, authenticate the Docker client with Artifactory and use the docker push command. For standard images, tag the image with the Artifactory repository path and execute:
docker tag local-image:tag artifactory-domain/repository-name/image-name:tag
docker push artifactory-domain/repository-name/image-name:tag
For multi-architecture images, Artifactory supports methods to push each architecture separately or push multiple architectures in bulk using Docker Buildx:
- Push images one by one: Build and push each architecture with a unique tag:
docker build -t artifactory-domain/repo/image:amd64 --build-arg ARCH=amd64 .
docker push artifactory-domain/repo/image:amd64
- Push multi-architecture images using Buildx: To push all architectures at once, use Docker Buildx:
docker buildx build --platform linux/amd64,linux/arm64 --tag artifactory-domain/repo/multiarch-image:tag --push .
After pushing all individual images with the one-by-one method, create a manifest list to represent all architectures under a single tag:
docker manifest create artifactory-domain/repo/multiarch-image:tag \
  --amend artifactory-domain/repo/image:amd64 \
  --amend artifactory-domain/repo/image:arm64
docker manifest push artifactory-domain/repo/multiarch-image:tag
3. Pull Docker Images from Artifactory
To pull Docker images from Artifactory, use the docker pull command with the appropriate image tag:
docker pull artifactory-domain/repo/image-name:tag
For multi-architecture images, specify the tag associated with the desired platform, or pull the main manifest tag to retrieve the appropriate version automatically for the architecture.
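A check for the multi-architecture tag described above, as an added example that is not part of the original page: it reads the manifest list (image index) that a tag points at, maps each platform to the digest a client of that architecture would be given, and reports platforms the pipeline expected but did not push. The sample index is constructed, the function names are this example's own, and platform variants such as v8 are ignored.

```python
import json

# Constructed sample of the index a two-platform Buildx push can produce,
# including an attestation entry that Buildx marks as unknown/unknown.
SAMPLE_INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [
        {"digest": "sha256:" + "a" * 64,
         "platform": {"os": "linux", "architecture": "amd64"}},
        {"digest": "sha256:" + "b" * 64,
         "platform": {"os": "linux", "architecture": "arm64", "variant": "v8"}},
        {"digest": "sha256:" + "c" * 64,
         "platform": {"os": "unknown", "architecture": "unknown"},
         "annotations": {"vnd.docker.reference.type": "attestation-manifest"}},
    ],
})


def platform_digests(index_json: str) -> dict:
    """Map "os/arch" to the manifest digest of each runnable image in the index."""
    doc = json.loads(index_json)
    if not isinstance(doc.get("manifests"), list):
        # A single-platform image manifest has "layers", not "manifests".
        raise ValueError("tag does not point at a manifest list / image index")
    found = {}
    for entry in doc["manifests"]:
        plat = entry.get("platform") or {}
        os_name, arch = plat.get("os"), plat.get("architecture")
        if not os_name or not arch or (os_name, arch) == ("unknown", "unknown"):
            continue  # attestation data, not something a client can run
        found[f"{os_name}/{arch}"] = entry["digest"]
    return found


def missing_platforms(index_json: str, required) -> list:
    """Platforms the pipeline expected under this tag but the index lacks."""
    return sorted(set(required) - set(platform_digests(index_json)))
```

The input is the raw index JSON for the pushed tag, for example the output of `docker buildx imagetools inspect --raw`.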
Best Practices for Using Artifactory with Docker
Set Up Repositories Strategically
Begin by categorizing repositories based on CI/CD pipeline stages—development, testing, and production. This ensures smoother artifact promotion workflows and improves traceability. Artifactory supports both local and remote repositories, enabling the management of dependencies from external sources.
Strategically configuring repositories also involves aligning them with the team’s development and operational needs. It may involve setting usage limits and retention policies to keep the repository efficient over time. Reviewing and adjusting the setup regularly will optimize performance and reduce overhead associated with storage and maintenance.
Enable Docker Registry Access
Enabling Docker registry access in Artifactory requires correct configuration of network settings, such as specifying DNS and proxy settings to allow external access. Artifactory’s registry acts as a central hub for Docker images, promoting efficiency in managing Docker operations across the organization. This step eliminates the need for multiple registries.
Access control ensures that only authorized users have the permissions to push and pull images. Configuring permissions at the user and group level improves security and operational efficiency. Regular audits of access permissions ensure ongoing compliance with security policies, protecting sensitive data and proprietary software components.
Enable Image Layer Deduplication
Image layer deduplication is a feature in Artifactory for minimizing storage utilization, especially in environments with substantial Docker image usage. This feature identifies duplicate layers across different images, storing them once to save space and improve efficiency. Deduplication is useful for optimizing resource usage and costs associated with storage in large enterprises.
Implementing deduplication involves configuring repository settings to ensure Artifactory accurately identifies and processes duplicate layers. Regular monitoring and analysis of deduplication processes help maintain optimal storage performance and reliability. Keeping repositories clean and efficient contributes to system health.
Define Cleanup Policies
Cleanup policies specify which images and artifacts to retain or delete, based on age, usage, or other criteria. Regular cleanup helps in managing storage usage, maintaining system performance, and ensuring only necessary assets are retained, reducing the clutter within repositories.
Automation can be used to enforce these cleanup policies, scheduling regular maintenance tasks that align with organizational policies. Monitoring execution effectiveness of these tasks is crucial to prevent the accidental removal of essential artifacts. Regular reviewing and updating of these policies adapt to changes in project requirements.
Use Access Tokens and LDAP Integration
Access tokens enable secure repository access by authenticating users and services without exposing their credentials, offering time-bound or one-time access options. This improves security and reduces administrative overhead in managing credentials manually.
LDAP integration further strengthens security by enabling centralized authentication and authorization management across systems. With LDAP, user management becomes simpler, ensuring that team members have appropriate access levels. Regularly reviewing access logs and permissions through LDAP and access tokens ensures compliance with security policies.
Codefresh Artifactory Integration
Codefresh is a modern deployment solution built for GitOps and containers. It has built-in support for Docker registries hosted in Artifactory in a number of ways:
- An Artifactory Docker registry can be used as a target registry
- The native push step can tag and push images to the Docker registry hosted in Artifactory
- The images dashboard can show all containers stored in Artifactory
Beyond Artifactory integration, Codefresh helps you meet the continuous delivery challenge. Codefresh is a complete software supply chain to build, test, deliver, and manage software with integrations so teams can pick best-of-breed tools to support that supply chain.
Built on Argo, the world’s most popular and fastest-growing open source software delivery toolchain, Codefresh unlocks the full enterprise potential of Argo Workflows, Argo CD, Argo Events, and Argo Rollouts and provides a control-plane for managing them at scale.