Docker Registry

Artifactory supports three types of repositories when working with Docker:

• Local repositoriesare a place for your internal Docker images. Through Artifactory's security capabilities, these are secure private Docker registries.
• Remote repositoriesare used to proxy remote Docker resources such as Docker Hub.
• Virtual repositoriescan aggregate multiple Docker registries thus enabling a single endpoint you can use for both pushing and pulling Docker images. This enables the admin to manage the different Docker registries without the users knowing, and continue to work with the same end point.

**Make sure to go to the Advanced tab of each repository and set the Registry Port if you are using the Port method for Docker. Then, the reverse proxy generator should add a new section in for the specified port.

Local Docker Repositories

A local Docker repository is where you can deploy and host your internal Docker images. It is, in effect, a Docker registry able to host collections of tagged Docker images which are your Docker Repositories. Once your images are hosted, you can exercise fine-grained access control, and share them across your organization through replication or by being proxied by repositories in other Artifactory instances.

To define a local Docker repository:

1. From theAdministrationmodule, selectRepositories|Repositories|Local.
2. ClickNew Local Repositoryand selectDockerfrom theSelect Package Typedialog.

3. Set theRepository Key, and in the Docker Settings section, selectV2as the Docker API version.

4. SetMax Unique Tags. This specifies the maximum number of unique tags, per repository, that should be stored for a Docker image. Once the number of tags for an image exceeds this number, older tags will be removed. Leaving the field blank (default) means all tags will be stored.

Reverse Proxy Settings

Artifactory supports access to Docker registries either through a reverse proxy (using thesubdomain methodor throughport bindings), or usingdirect access.

When accessing through a reverse proxy, if you are using the ArtifactoryReverse Proxyconfiguration generator you can configure a Docker repository's reverse proxy settings under theAdvancedsettings tab.For details, please refer toDocker Reverse Proxy Settings.

---

Promoting Docker Images

Artifactory supports promoting Docker images from one Docker repository in Artifactory to another.

Promoting is useful when you need to move Docker images through different acceptance and testing stages, for example, from a development repository, through the different gateways all the way to production. Instead of rebuilding the image multiple times using promotion will ensure the image you will have in your production environment is the one built by your CI server and passed all the relevant tests.

Promotion can be triggered using the following endpoint with cURL:

POST api/docker//v2/promote { "targetRepo" : "", "dockerRepository" : "", "tag" : "", "targetTag" : "", "copy":  }

where:

repoKey	Source repository key
targetRepo	The target repository to move or copy
dockerRepository	The docker repository name to promote
tag	An optional tag name to promote, if null - the entire docker repository will be promoted. Default:latest
targetTag	The new tag that the image should have after being promoted if you want to
copy	When true, a copy of the image is promoted. When false, the image is moved to the target repository

An example for promoting the docker imagejfrog/ubuntu"]with all of it's tags fromdocker-localtodocker-produsing cURL would be:

curl -i -uadmin:password -X POST "https://artprod.company.com/api/docker//v2/promote" -H "Content-Type: application/json" -d '{"targetRepo":"docker-prod","dockerRepository":"jfrog/ubuntu"}'

https://artprod.company.com/api/docker//v2/promote

Notice that the above example is executed through your reverse proxy. To go directly through Artifactory, you would execute this command as follows:

curl -i -uadmin:password -X POST "http://localhost:8080/artifactory/api/docker/docker-local/v2/promote" -H "Content-Type: application/json" -d '{"targetRepo":"docker-prod","dockerRepository":"jfrog/ubuntu"}'

The following example adds retagging with a specific version of thejfrog/ubuntuimage (4.9.0) being retagged tolatestas it gets promoted:

curl -i -uadmin:password -X POST "https://artprod.company.com/api/docker/docker-local/v2/promote" -H "Content-Type: application/json" -d '{"targetRepo":"docker-prod","dockerRepository":"jfrog/ubuntu", "tag" : "4.9.0", "targetTag" : "latest"}'

Pushing and Pulling Images

Set Me Up

To get the correspondingdocker pushanddocker pullcommands for any repository, go toArtifactory|Artifacts|Artifact Repository Browser, in theApplicationmodule, and clickSet Me Up.

Docker

Podman

Pushing Multi-Architecture Docker Images to Artifactory

JFrog Artifactory supports the following methods for pushing multi-architecture Docker images to a Docker Registry:

• Pushing Docker images for each architecture one by one
• Pushing Docker images in bulk using the Docker Buildx CLI (Supported from Artifactory 7.21.2 and higher)
• Pushing Multi-Architecture Docker Images Using Docker Buildfrom Artifactory 7.21.2 and higher.

Pushing Docker Images One by One

You can push multi-architecture Docker images, using a 'Manifest Lists' file, (officially referred by Docker as the‘fat manifest file”),这对平台——引用的形象体现specific versions of an image. For more information, clickhere.

The process of pushing multi-architecture Docker images is similar to the standard Docker Push process, with a few exceptions:

1. Each architecture gets a different tag.
2. After all the architectures have been built and pushed, a single ‘fat manifest file' is created and contains all of the images with the relevant tagging.
3. After pushing the'fatmanifest file', the images are published with the given tags.

$ docker build -t domain/docker/multiarch-image:amd64 --build-arg ARCH=amd64/ $ docker push domain/docker/multiarch-image:amd64 $ docker build -t domain_name: port/docker/multiarch-image:arm64 --build-arg ARCH=arm64/ $ docker push domain/docker/multiarch-image:arm64 $ docker manifest create \ domain_name:port1/docker/multiarch-image:tag \ --amend domain/docker/multiarch-image:amd64 \ --amend domain/docker/multiarch-image:arm64 \ $ docker manifest push domain/docker/multiarch-image:my-tag

Pushing Images in Bulk Using the Docker BuildxCLI

From Artifactory 7.21.2, theDocker buildxcommand is supported, allowing you to create and upload Docker ‘manifest lists’ to the Docker registry in Artifactory.Dockerbuildxallows you to build and push multi-architecture images using a single command instead of having to build and push each of the architecture images separately. For more information, seeWorking with buildx.

To support theDocker buildx, Artifactory saves each architecture of the image under the following path structure with the tagthat includes the originally published tag, the image operating system, and the image architecture.

imageName:tag-os-arch

The following example shows the Docker BuildX API usage.

docker buildx build --platform linux/amd64,linux/arm64 --tag domain/docker/multiarch-image:tag --output=type=image,push=true --push .

Pushing Multi-Architecture Docker Images Using Docker Build

From Artifactory version 7.21.2 and higher, if you continue to push multi-architecture Docker images usingDocker build, all your pushed images will be duplicated, and the architecture tag will be automatically added to each image.

In the following example, pushing the following images using Docker Build will result inArtifactory automatically duplicating the images and adding thelinuxtag to each image.

List Manifest

docker.artifactory./test/busybox:1.33

Image A

1. Image A is pushed during the build.
   

   docker.artifactory/test/busybox:1.33-amd64

   
   

2. Artifactory duplicates the image and adds the'linux'tag.

   docker.artifactory./test/busybox:1.33-linux-amd64

Image B

1. Image B si pushed during the build.
   

   docker.artifactory./test/busybox:1.33-s390x

2. Artifactory duplicates the image and adds the 'linux'tag.
   

   artifactory.us../test/busybox:1.33-linux-s390x

Browsing Docker Repositories

For general information on how to browse repositories, please refer toBrowsing Artifactory.

TheDocker Infotab presents three sections:Tag Info,Docker Tag Visualization, andLabels.

Tag Info

Presents basic details about the selected tag.

Docker Tag Visualization

This section maps the entire set of commands used to generate the selected tag along with the digest of the corresponding layer. Essentially, you would see the same series of commands usingdocker history.

You can select any layer of the image to view the following properties.

Symbol	Property
	The layer ID
	The layer size
	The timestamp when the layer was created
	The command that created the layer
	The digest

Labels

This section displays the labels attached to the image.

Note also, that Artifactory extracts any labels associated with a Docker image and creates corresponding properties on themanifest.jsonfile which you can use to specify search parameters, this can be used to easily add additional metadata to any image.

Searching for Docker Images

You can search for Docker images by their name, tag or image digest using theArtifact Package Searchor through theREST API.

Listing Docker Images

Artifactory supports the following REST API endpoints related to Docker registries:

• List Docker Imagesprovides a list of Docker images in the specified Artifactory Docker registry. This endpoint mimics the Docker_catalogREST API.
• List Docker Tagsprovides a list of tags for the specified Docker image.

Artifactory also supports pagination for this endpoint.

To enable fetch from cache using theListDockerRepositoriesand theListDockerTagsREST APIs, set theartifactory.docker.catalogs.tags.fallback.fetch.remote.cachesystem property to true (default false) in the artifactory.system.properties file:

## Enable fetch from cache in Docker repositories #artifactory.docker.catalogs.tags.fallback.fetch.remote.cache=true

Artifactory needs to be restarted for this change to take effect.

Deletion and Cleanup

Artifactory natively supports removing tags and repositories and complies with the Docker Hub spec.

Deletion of Docker tags and repositories automatically cleans up any orphan layers that are left (layers not used by any other tag/repository).

Currently, the Docker client does not support DELETE commands, but deletion can be triggered manually. To delete an entire Docker repository using cURL, execute the following command:

curl -u -X DELETE "/artifactory//"

Or for a specific tag version:

curl -u -X DELETE "/artifactory///"

For example, to remove the latest tag of an Ubuntu repository:

//Removing the latest tag from the "jfrog/ubuntu" repository curl -uadmin:password -X DELETE "https://artprod.company.com/artifactory/dockerv2-local/jfrog/ubuntu/latest"

Limiting Unique Tags

To avoid clutter and bloat in your Docker registries caused by many snapshots being uploaded for an image, set theMax Unique Tagsfield in theLocal Docker Repositoryconfiguration to limit the number of unique tags.

Docker Build Information

You may store exhaustive build information in Artifactory by running your Docker builds with JFrog CLI.

JFrog CLI collects build-info from your build agents and then publishes it to Artifactory. Once published, the build info can be viewed in theBuild BrowserunderBuilds.

For more details on Docker build integration using JFrog CLI, please refer toManaging Docker Imagesin the JFrog CLI User Guide.

Migrating from Docker V1 to Docker V2

If you are still using Docker V1, we strongly recommend upgrading to Docker V2. This requires that you migrate any Docker repositories that were created for Docker V1, and is done with a simple cURL endpoint.

For details, please refer toMigrating a V1 repository to V2under theUsing Docker V1documentation.