GuidesAPI Reference
Log In

Google Container Registry (GCR)


Google Recommends Artifact Registry over GCR

If you are setting up a container registry in GCP for the first time, Google recommends using Artifact Registry instead of GCR. GCR will continue to be supported by GCP, but it will only receive critical security fixes.

Connect a new Registry

  1. Create a GCP service account with the read-only Cloud Storage role (roles/storage.objectViewer).
    You can do this through the gcloud tool with the following commands.
$ gcloud iam service-accounts create prodvana-gcr-readonly
$ gcloud projects add-iam-policy-binding <GCP_PROJECT_ID> --member "serviceAccount:prodvana-gcr-readonly@<GCR_PROJECT_ID>" --role "roles/storage.objectViewer"

Replace <GCP_PROJECT_ID> with the ID of the GCP Project where your GCR registry is hosted.

  1. Generate a json key file for this newly created service account:
$ gcloud iam service-accounts keys create keyfile.json --iam-account prodvana-gcr-readonly@<GCR_PROJECT_ID>
  1. Let's test that this key file works. On a machine with docker installed run,
$ cat keyfile.json | docker login -u _json_key --password-stdin https://<HOSTNAME>
Login Succeeded

The <HOSTNAME> placeholder depends on what region your GCR registry is hosted in. It will be one of,,,, or

  1. Now to link the registry in Prodvana
  • Go to your organization's integration page
  • Click the "Add Registry" button, and select "Other registries" from the dropdown.

  • In the pop-up form, fill in the values:
    • Name: The name Prodvana will use to reference this registry
    • Username: Use _json_key
    • Password: Copy and paste the entire contents of the keyfile.json generated above.
    • Hostname: Depending on where your GCR registry is hosted, this will be one of,,,, or
    • Click "Save"

See Also