GCP Artifact Registry (AR)

Connect a new Registry

Create a GCP service account with the read-only Artifact Registry role (roles/artifactregistry.reader).
You can do this through the gcloud tool with the following commands.

$ gcloud iam service-accounts create prodvana-ar-readonly
$ gcloud projects add-iam-policy-binding <GCP_PROJECT_ID> --member "serviceAccount:prodvana-ar-readonly@<GCR_PROJECT_ID>.iam.gserviceaccount.com" --role "roles/artifactregistry.reader"

Replace <GCP_PROJECT_ID> with the ID of the GCP Project where your Artifact Registry is hosted.

Generate a json key file for this newly created service account:

$ gcloud iam service-accounts keys create keyfile.json --iam-account prodvana-ar-readonly@<GCR_PROJECT_ID>.iam.gserviceaccount.com

Let's test that this key file works. On a machine with docker installed run,

$ cat keyfile.json | docker login -u _json_key --password-stdin https://<LOCATION>-docker.pkg.dev
Login Succeeded

The <LOCATION> placeholder is the regional or multi-regional location of the registry.

Now to link the registry in Prodvana

Go to your organization's integration page (https://.prodvana.io/integrations)
Click the "Add Registry" button, and select "Other registries" from the dropdown.

In the pop-up form, fill in the values:
- Name: The name Prodvana will use to reference this registry
- Username: Use _json_key
- Password: Copy and paste the entire contents of the keyfile.json generated above.
- Hostname: This will depend on the location of your registry, of the form https://<LOCATION>-docker.pkg.dev
- Click "Save"

See Also

https://cloud.google.com/artifact-registry/docs/docker/authentication#json-key

Updated 8 months ago