Logging docker to GCR registry
I close my eyes, only for a moment
And the moment’s gone
All my dreams pass before my eyes, a curiosity
(Kansas – Dust in the wind)
Docker daemon can access images from multiple docker registries. Some registry can be read-only for unauthenticated users while private registries usually require authentication even for pulling images. Configuration of registries and authentication is stored in ~/.docker/config.json .
When you want to log in to docker registry, you can simply run:
docker login <registry_uri>
Command will create an entry in the ~/.docker/config.json looking like:
"registry.example.com": {
"auth": "Tag3iekueep9raN9lae6Ahv9Maeyo1ee",
"email": "jsosic@gmail.com"
}
But, if you want to use GCR (Google Container Registry), there is a problem – there is no password provided.
Google suggests using gcloud for accessing all of their services. To log in with your user credentials, simply run the following command:
docker login -e jsosic@gmail.com \ -u oauth2accesstoken \ -p "$(gcloud auth print-access-token)" \ https://gcr.io
If you are setting a service account, then you need to use it’s private key, which Google distributes in JSON format:
docker login \ -e service_user@compute-engine-669.iam.gserviceaccount.com \ -u _json_key \ -p "$(cat GCE_project-name_serviceaccount_<someid>.json)" \ https://gcr.io
Now you can pull existing images from your private registry:
docker pull gcr.io/compute-engine-669/redis:latest
Isn’t it cool?