Use Trustnest Software Factory with k8saas

Context & Introduction

Trustnest provides several services such as a Software Factory.

The official documentation of the service is docs.thalesdigital.io

HOWTO

get an API key

Access to Artifactory
Go to your profile -> Authentication settings
Create a API key

Note: username is your email and password is the API key

Connect Docker Desktop to Trustnest Artifactory

Use

docker login artifactory.thalesdigital.io

# use email and API key to login

Understand Artifactory path for docker image URL

<docker-registry-server>/<repository>/<image-url>

docker-registry-server: artifactory.thalesdigital.io
repository: in which repository the docker image is stored into artifactory
image-url: Title from Docker Info when a image is selected

Pull image from trustnest Artifactory

# example
docker pull artifactory.thalesdigital.io/docker-internal/k8saas/promalertzendesk:latest

Push image to trustnest artifactory

# example
docker push artifactory.thalesdigital.io/docker-internal/k8saas/nginx:latest

Understand Image naming convention

artifactory.thalesdigital.io/docker-internal/<\k8saas-or-esaas>/<subgroup>/<project-name>[:TAG]

artifactory.thalesdigital.io: artificatory repository
docker-internal: repository not public
subgroup: optional Group images under a logical set.
k8saas-or-esaas: our subfolder to groups k8saas and essaas docker images
<project-name>: distinction between projet

Authenticate kaniko process to Trustnest artifactory

There are 2 ways to provide artifactory credentials to kaniko

Using auth

ARTIFACTORY_AUTH=$(echo -n $ARTIFACTORY_USERNAME:$ARTIFACTORY_API_KEY | base64 | tr -d "\n")
echo "{\"auths\":{\"$ARTIFACTORY_REPO\":{\"auth\":\"$ARTIFACTORY_AUTH\"}}}" > /kaniko/.docker/config.json

Using username and password

echo "{\"auths\":{\"$ARTIFACTORY_REPO\":{\"username\":\"$ARTIFACTORY_USERNAME\",\"password\":\"$ARTIFACTORY_API_KEY\"}}}" > /kaniko/.docker/config.json

Special case: Migration from gitlab registry to artifactory

Convertion examples:

Gitlab	artifactory
registry.thalesdigital.io/platform-team-canada/k8saas-innersource/python/reporting/rbac-service	artifactory.thalesdigital.io/docker-internal/k8saas/rbac-service
$CI_REGISTRY/platform-team-canada/k8saas-innersource/docker-images/pre-commit:0.3.0	artifactory.thalesdigital.io/docker-internal/k8saas/pre-commit:0.3.0

Migrate image from repo

# pull original image
docker pull registry.thalesdigital.io/platform-team-canada/k8saas-innersource/python/reporting/data-service:1.18.0
# tag with the new repository
docker tag registry.thalesdigital.io/platform-team-canada/k8saas-innersource/python/reporting/rbac-service:1.18.0 artifactory.thalesdigital.io/docker-internal/k8saas/rbac-service:1.18.0
# push image in the new repository
docker push artifactory.thalesdigital.io/docker-internal/k8saas/rbac-service:1.18.0

Next steps

have a look to trustnest software factory dedicated documentation for artifactory here

Context & Introduction​

HOWTO​

get an API key​

Connect Docker Desktop to Trustnest Artifactory​

Understand Artifactory path for docker image URL​

Pull image from trustnest Artifactory​

Push image to trustnest artifactory​

Understand Image naming convention​

Authenticate kaniko process to Trustnest artifactory​

Special case: Migration from gitlab registry to artifactory​

Convertion examples:​

Migrate image from repo​

Next steps​