Overview
Using Google’s Private Container Registry with Docker Google’s Container Registry provides a managed and private repository for storing your Docker images. With a simple gcloud command you can push and pull to your private google project repository.
Example:
gcloud docker -- push [HOSTNAME]/[YOUR-PROJECT-ID]/[IMAGE]
However you may find a need to use native docker commands without gcloud. This might be needed in a CI process or other automation.
Example:
docker push [HOSTNAME]/[YOUR-PROJECT-ID]/[IMAGE]
In this short tutorial I’ll walk through a few simple steps to allow access through native docker commands.
Create an account to access the Registry
Set some variables
export PROJECT=my-project
export KEY_NAME=key-name
export KEY_DISPLAY_NAME="My Key Name"
Create and get the key
gcloud iam service-accounts create ${KEY_NAME} --display-name ${KEY_DISPLAY_NAME}
gcloud iam service-accounts list
gcloud iam service-accounts keys create --iam-account ${KEY_NAME}@${PROJECT}.iam.gserviceaccount.com key.json
NOTE: The output of the previous command is a json file called key.json. This file will be used as the input for the docker login command to follow and should be moved to any system or location where its needed.
Provide it with the appropriate rights
gcloud projects add-iam-policy-binding ${PROJECT} --member serviceAccount:${KEY_NAME}@${PROJECT}.iam.gserviceaccount.com --role roles/storage.admin
Use the credentials to access the registry
Log in
docker login -u _json_key -p "$(cat key.json)" https://gcr.io
Push your image
docker push gcr.io/${PROJECT}/example-image
That’s is, with the service account json file you simply call login and you’re good to use docker in your CI or automation efforts