Artifactory - bcgov/common-service-showcase GitHub Wiki
The following are some notes taken when experimenting with using a private repo in Artifactory to host images for our deployment.
For the more complete documentation visit the : BC Government Private Cloud Technical Documentation
The BCGov Artfactory repo
- log in to JFrog console:
- https://artifacts.developer.gov.bc.ca/ (with MFA IDIR sso) to ensure an admin user exists there
- create ArtifactoryProject in your OC namespace
oc project abcdef-toolsoc process -f https://raw.githubusercontent.com/bcgov/platform-services-archeobot/master/archeobot/config/samples/tmpl-artifactoryproject.yaml -p NAME="myImage" | oc create -f -- check status:
oc describe artproj myImage
add a repo in Artifactory
- in UI: https://artifacts.developer.gov.bc.ca/ui/admin/repositories/local?projectKey=n1dc
- repo:
n1dc-common-docker-localproject name:abcdef-tools-myImage - https://artifacts.developer.gov.bc.ca:443/artifactory/n1dc-common-docker-local/
- repo:
push our new patroni image in Artifactory
- build the docker image (eg:
my-image) locally- in dir with Dockerfile (eg: C:\projects\patroni-postgres-container) run:
docker build -t my-image:1.0.0 .
- in dir with Dockerfile (eg: C:\projects\patroni-postgres-container) run:
- push image to the artifactory repo. Example:
docker login artifacts.developer.gov.bc.ca/n1dc-common-docker-local:443
username: <gov idir email>
password: <token from artifactory set me up UI>
docker tag a27b9e471f74 artifacts.developer.gov.bc.ca/n1dc-common-docker-local/my-image:1.0.0
docker push artifacts.developer.gov.bc.ca/n1dc-common-docker-local/my-image:1.0.0
image pushed: 1.6.5-12.4: digest: sha256:9241c8f16996690299d0a21d173e121459cb36598bf6da5bc504b5125428b5fe size: 3872
Artifactory Service account
-
the tools namespaces in oc silver come with a service account (name:
default) that we can use to pull image from artifactoy:oc describe artsvcacct default(see: https://developer.gov.bc.ca/docs/default/component/platform-developer-docs/docs/build-deploy-and-maintain-apps/setup-artifactory-service-account/#access-a-service-account) -
for our pipeline we need an artifctory service account in dev, test and prod
- create :
oc process -f https://raw.githubusercontent.com/bcgov/platform-services-archeobot/master/archeobot/config/samples/tmpl-artifactoryserviceaccount.yaml -p NAME="pipeline" -p DESCRIPTOR="common services pipeline service account" | oc create -f -(pipelineis the name of the account) - verify:
oc describe artsvcacct pipeline - access a service account: https://developer.gov.bc.ca/docs/default/component/platform-developer-docs/docs/build-deploy-and-maintain-apps/setup-artifactory-service-account/#access-a-service-account
- create :
-
link the secret for the 'pipeline' artifactory service account to your artifactory project: https://developer.gov.bc.ca/docs/default/component/platform-developer-docs/docs/build-deploy-and-maintain-apps/setup-artifactory-project-repository/#add-users-and-service-accounts-to-a-project
-
create imagePullSecrets in deployment namespace