Using Google’s Private Container Registry with Docker


Using Google’s Private Container Registry with Docker Google’s Container Registry provides a managed and private repository for storing your Docker images. With a simple gcloud command you can push and pull to your private google project repository.

Example: gcloud docker -- push [HOSTNAME]/[YOUR-PROJECT-ID]/[IMAGE]

However you may find a need to use native docker commands without gcloud. This might be needed in a CI process or other automation.

Example: docker push [HOSTNAME]/[YOUR-PROJECT-ID]/[IMAGE]

In this short tutorial I’ll walk through a few simple steps to allow access through native docker commands.

Create an account to access the Registry

Set some variables

export PROJECT=my-project
export KEY_NAME=key-name
export KEY_DISPLAY_NAME="My Key Name"

Create and get the key

gcloud iam service-accounts create ${KEY_NAME} --display-name ${KEY_DISPLAY_NAME}
gcloud iam service-accounts list
gcloud iam service-accounts keys create --iam-account ${KEY_NAME}@${PROJECT} key.json

NOTE: The output of the previous command is a json file called key.json. This file will be used as the input for the docker login command to follow and should be moved to any system or location where its needed.

Provide it with the appropriate rights

gcloud projects add-iam-policy-binding ${PROJECT} --member serviceAccount:${KEY_NAME}@${PROJECT} --role roles/storage.admin

Use the credentials to access the registry

Log in

docker login -u _json_key -p "$(cat key.json)"

Push your image

docker push${PROJECT}/example-image

That’s is, with the service account json file you simply call login and you’re good to use docker in your CI or automation efforts