Google Container Registry (GCR)
Google Recommends Artifact Registry over GCR
If you are setting up a container registry in GCP for the first time, Google recommends using Artifact Registry instead of GCR. GCR will continue to be supported by GCP, but it will only receive critical security fixes.
Connect a new Registry
- Create a GCP service account with the read-only Cloud Storage role (
roles/storage.objectViewer).
You can do this through thegcloudtool with the following commands.
$ gcloud iam service-accounts create prodvana-gcr-readonly
$ gcloud projects add-iam-policy-binding <GCP_PROJECT_ID> --member "serviceAccount:prodvana-gcr-readonly@<GCR_PROJECT_ID>.iam.gserviceaccount.com" --role "roles/storage.objectViewer"
Replace <GCP_PROJECT_ID> with the ID of the GCP Project where your GCR registry is hosted.
- Generate a json key file for this newly created service account:
$ gcloud iam service-accounts keys create keyfile.json --iam-account prodvana-gcr-readonly@<GCR_PROJECT_ID>.iam.gserviceaccount.com
- Let's test that this key file works. On a machine with docker installed run,
$ cat keyfile.json | docker login -u _json_key --password-stdin https://<HOSTNAME>
Login Succeeded
The <HOSTNAME> placeholder depends on what region your GCR registry is hosted in. It will be one of, gcr.io, us.gcr.io, eu.gcr.io, or asia.gcr.io.
- Now to link the registry in Prodvana
- Go to your organization's integration page https://my-demo-organization.runprodvana.com)
- Click the "Add Registry" button, and select "Other registries" from the dropdown.
- In the pop-up form, fill in the values:
Name: The name Prodvana will use to reference this registryUsername: Use_json_keyPassword: Copy and paste the entire contents of thekeyfile.jsongenerated above.Hostname: Depending on where your GCR registry is hosted, this will be one of,https://gcr.io,https://us.gcr.io,https://eu.gcr.io, orhttps://asia.gcr.io.- Click "Save"
See Also
https://cloud.google.com/container-registry/docs/advanced-authentication#json-key
Updated about 1 year ago