Reputation: 2531
How can i add GCP > Container Registry auth key to Docker config.json?
How can i add Auth key from Service Account for (GCP-> Container Registry) to docker daemon.json?
Normally i write url and user:pass in base64 in docker daemon.json and docker can do pull from private registry.
How about GCP Container registry? I generated a json key and it works.
docker login -u _json_key --password-stdin https://gcr.io < credentials.json
I can login to GCP Container Registry and pull the image from it but how can i add this Key to docker daemon.json So that the docker automatically makes a pull from private repo.
Thanks.
Upvotes: 2
Views: 4510
Answers (1)
Reputation: 466
Seems that you already choose your authentication metthod:
Choosing an authentication method
Regarding JSON Key File, Use the following guidelines to limit access to your container images:
- Create dedicated service accounts that are only used to interact with Container Registry.\
- Grant the specific role for the least amount of access that the service account requires.\
- Follow best practices for managing credentials.
To create a new service account and a service account key for use with Container Registry repositories only:
- Create a new service account that will interact with Container Registry.
- You can run the following commands using Cloud SDK on your local machine, or in Cloud Shell.
a. Create the service account. Replace NAME with a name for the service account.
gcloud iam service-accounts create NAME
b. Grant a role to the service account. Replace PROJECT_ID with your project ID and ROLE with the appropriate Cloud Storage role for the service account.
gcloud projects add-iam-policy-binding PROJECT_ID --member "serviceAccount:NAME@PROJECT_ID.iam.gserviceaccount.com" --role "roles/ROLE"
- Obtain a key for the service account that will interact with Container Registry.
You can run the following command using Cloud SDK on your local machine, or in Cloud Shell.The instructions on this page use the file name keyfile.json for the key file.
gcloud iam service-accounts keys create keyfile.json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com
Verify that permissions are correctly configured for the service account. If you are using the Compute Engine service account, you must correctly configure both permissions and access scopes.
Use the service account key as your password to authenticate with Docker.
Username is _json_key (NOT the name of your service account)
keyfile.json is the service account key you created
for example:
cat keyfile.json | docker login -u _json_key --password-stdin https://HOSTNAME
where HOSTNAME is gcr.io, us.gcr.io, eu.gcr.io, or asia.gcr.io.
Or, for older Docker clients which don't support --password-stdin:
docker login -u _json_key -p "$(cat keyfile.json)" https://HOSTNAME
where HOSTNAME is gcr.io, us.gcr.io, eu.gcr.io, or asia.gcr.io.
Upvotes: 3
Related Questions
- Alternative means off authenticating GCP registry
- Access to Google Cloud registry in Docker file
- Deploying Container on GCP
- How do i get Google Container Registry to accept my json credentials?
- gcloud auth configure-docker fail (config.json could not be read as JSON)
- How to add a docker-registry secret for Google Cloud Platform on Windows (that is, in PowerShell, not Bash)?
- Read from Google Container Registry using the API and Service Account JSON file
- login to docker AWS registry from GCP
- Google Cloud Authentification json keyfile
- How to do use Google Container Registry with the docker CLI