Google Recommends Artifact Registry over GCR
If you are setting up a container registry in GCP for the first time, Google recommends using Artifact Registry instead of GCR. GCR will continue to be supported by GCP, but it will only receive critical security fixes.
- Create a GCP service account with the read-only Cloud Storage role (
You can do this through the
gcloudtool with the following commands.
$ gcloud iam service-accounts create prodvana-gcr-readonly $ gcloud projects add-iam-policy-binding <GCP_PROJECT_ID> --member "serviceAccount:prodvana-gcr-readonly@<GCR_PROJECT_ID>.iam.gserviceaccount.com" --role "roles/storage.objectViewer"
<GCP_PROJECT_ID> with the ID of the GCP Project where your GCR registry is hosted.
- Generate a json key file for this newly created service account:
$ gcloud iam service-accounts keys create keyfile.json --iam-account prodvana-gcr-readonly@<GCR_PROJECT_ID>.iam.gserviceaccount.com
- Let's test that this key file works. On a machine with docker installed run,
$ cat keyfile.json | docker login -u _json_key --password-stdin https://<HOSTNAME> Login Succeeded
<HOSTNAME> placeholder depends on what region your GCR registry is hosted in. It will be one of,
- Now to link the registry in Prodvana
- Go to your organization's integration page (https://.prodvana.io/integrations)
- Click the "Add Registry" button, and select "Other registries" from the dropdown.
- In the pop-up form, fill in the values:
Name: The name Prodvana will use to reference this registry
Password: Copy and paste the entire contents of the
Hostname: Depending on where your GCR registry is hosted, this will be one of,
- Click "Save"
Updated 7 months ago