How to use an image from container registry in different project?

Question

I have two projects in Google Cloud. On the first project I have some images in the container registry and i'm using it in the gke.

When I trie to create a container in the second project, it gives me a error:

Error: Status 403 trying to pull repository project-1/image-x: "Access denied."

How can i use those images in the gke but in different project? I don't want to create the same images in the second project.

Answer 1

In your second project (the GKE project), look at the IAM permissions and you will see a user similar to: 123456789-compute@developer.gserviceaccount.com.

Then in your first project (the container registry project), grant that user the Storage Object Viewer permission to allow GKE to pull images.

Answer 2

You can modify who the images are visible to by using the access control settings available on the Google Cloud Storage bucket that they're stored in.

Reference: https://cloud.google.com/container-registry/docs/access-control

If you just want to make all your images readable to the entire world, then the command from this other StackOverflow answer should help: gsutil -m acl -r set public-read gs://bucket-name gsutil -m defacl set public-read gs://bucket-name