Logging docker to GCR registry

I close my eyes, only for a moment
And the moment’s gone
All my dreams pass before my eyes, a curiosity
(Kansas – Dust in the wind)

Docker daemon can access images from multiple docker registries. Some registry can be read-only for unauthenticated users while private registries usually require authentication even for pulling images. Configuration of registries and authentication is stored in ~/.docker/config.json .

When you want to log in to docker registry, you can simply run:

docker login <registry_uri>

Command will create an entry in the ~/.docker/config.json looking like:

"registry.example.com": {
    "auth": "Tag3iekueep9raN9lae6Ahv9Maeyo1ee",
    "email": "jsosic@gmail.com"
}

But, if you want to use GCR (Google Container Registry), there is a problem – there is no password provided.

Google suggests using gcloud for accessing all of their services. To log in with your user credentials, simply run the following command:

docker login -e jsosic@gmail.com \
   -u oauth2accesstoken \
   -p "$(gcloud auth print-access-token)" \
   https://gcr.io

If you are setting a service account, then you need to use it’s private key, which Google distributes in JSON format:

docker login \
   -e service_user@compute-engine-669.iam.gserviceaccount.com \
   -u _json_key \
   -p "$(cat GCE_project-name_serviceaccount_<someid>.json)" \
   https://gcr.io

Now you can pull existing images from your private registry:

docker pull gcr.io/compute-engine-669/redis:latest

Isn’t it cool?