Menu
I'm using shippable to push private docker images to the Google Container Registry that I then want to pull from either locally on a laptop, or inside an instance on the Google Compute Engine.
I know that the command gcloud preview docker pull gcr.io/projectID/image-name works, but I can't rely on gcloud being installed on every machine that someone may need to pull the image from.
If I run docker-compose up -d on my machine then I get the following error:
Pulling image gcr.io/projectID/image-name...
Pulling repository gcr.io/projectID/image-name
Traceback (most recent call last):
File "<string>", line 3, in <module>
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.main", line 31, in main
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.docopt_command", line 21, in sys_dispatch
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.command", line 27, in dispatch
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.docopt_command", line 24, in dispatch
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.command", line 59, in perform_command
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.main", line 464, in up
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.project", line 208, in up
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.service", line 214, in recreate_containers
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.service", line 199, in create_container
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.progress_stream", line 37, in stream_output
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.progress_stream", line 50, in print_output_event
compose.progress_stream.StreamOutputError: Error: Status 403 trying to pull repository projectID/image-name: "Access denied."
Is there any way to authenticate or access the image with some form of OAuth or keys? I want to avoid having to install gcloud on every machine that will ever need to pull the image, and the images have to remain private.
I have tried gcloud preview docker -a but that is not the solution I'm looking for.
Thank you in advance for any help.
546
In order to pull images from your private repository, you'll need to login to Docker. If no registry URI is specified, Docker will assume you intend to use or log out from Docker Hub. Triton comes with several images built-in. You can view the available list with triton images .
Container Registry is a single place for your team to manage Docker images, perform vulnerability analysis, and decide who can access what with fine-grained access control. Existing CI/CD integrations let you set up fully automated Docker pipelines to get fast feedback.
To pull an image from Artifact Registry: In the Google Cloud console, go to the VM Instances page. SSH into the node you are troubleshooting. Obtain an access token for authentication with the repository.
If you want to work with the Google Container Registry on a machine not in the Google Compute Engine (i.e. local) using vanilla docker you can follow Google's instructions.
The two main methods are using an access token or a JSON key file.
Note that _token and _json_key are the actual values you provide for the username (-u)
Access Token
$ docker login -e [email protected] -u _token -p "$(gcloud auth print-access-token)" https://gcr.io
JSON Key File
$ docker login -e [email protected] -u _json_key -p "$(cat keyfile.json)" https://gcr.io
To create a key file you can follow these instructions:
You can view Google's documentation on generating a key file here.
120
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
