stackoom
  简体   繁体   中英

How can i add GCP > Container Registry auth key to Docker config.json?

 原文  2021-05-04 13:22:19       docker/ google-cloud-platform/ cloud/ google-container-registry

Question

How can i add Auth key from Service Account for (GCP-> Container Registry) to docker daemon.json?

Normally i write url and user:pass in base64 in docker daemon.json and docker can do pull from private registry.

How about GCP Container registry? I generated a json key and it works.

docker login -u _json_key --password-stdin https://gcr.io < credentials.json

I can login to GCP Container Registry and pull the image from it but how can i add this Key to docker daemon.json So that the docker automatically makes a pull from private repo.

Thanks.

1 answers

solution1
 0  2021-05-04 14:01:32

Seems that you already choose your authentication metthod:

Choosing an authentication method

Regarding JSON Key File, Use the following guidelines to limit access to your container images:

  • Create dedicated service accounts that are only used to interact with Container Registry.\
  • Grant the specificrole for the least amount of access that the service account requires.\
  • Follow best practices for managing credentials .

To create a new service account and a service account key for use with Container Registry repositories only:

  1. Create a new service account that will interact with Container Registry.
  • You can run the following commands using Cloud SDK on your local machine, or in Cloud Shell.

a. Create the service account. Replace NAME with a name for the service account.

gcloud iam service-accounts create NAME

b. Grant a role to the service account. Replace PROJECT_ID with your project ID and ROLE with the appropriate Cloud Storage role for the service account.

gcloud projects add-iam-policy-binding PROJECT_ID --member "serviceAccount:NAME@PROJECT_ID.iam.gserviceaccount.com" --role "roles/ROLE"
  1. Obtain a key for the service account that will interact with Container Registry.

You can run the following command using Cloud SDK on your local machine, or in Cloud Shell.The instructions on this page use the file name keyfile.json for the key file.

gcloud iam service-accounts keys create keyfile.json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com

  1. Verify thatpermissions are correctly configured for the service account. If you are using the Compute Engine service account, you must correctly configure both permissions and access scopes.

  2. Use the service account key as your password to authenticate with Docker.

Username is _json_key (NOT the name of your service account)
keyfile.json is the service account key you created

for example:

cat keyfile.json | docker login -u _json_key --password-stdin https://HOSTNAME

where HOSTNAME is gcr.io , us.gcr.io , eu.gcr.io , or asia.gcr.io .

Or, for older Docker clients which don't support --password-stdin :

docker login -u _json_key -p "$(cat keyfile.json)" https://HOSTNAME

where HOSTNAME is gcr.io , us.gcr.io , eu.gcr.io , or asia.gcr.io .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question docker-py: Login to private registry using ~/.docker/config.json auth token Ansible doesn't add credentials to ~/.docker/config.json despite succesful login to registry Getting runc config.json from docker container Docker password store in .docker/config.json gcloud auth configure-docker fail (config.json could not be read as JSON) .docker/config.json vs .dockercfg Where do I place a docker config.json file when docker is installed as a snap on Ubuntu? Kubernetes ignores config.json while doing docker pull Convert docker-compose.yml to runc config.json No Docker config.json in Amazon Linux EC2
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM