I'm using shippable to push private docker images to the Google Container Registry that I then want to pull from either locally on a laptop, or inside an instance on the Google Compute Engine.
I know that the command gcloud preview docker pull gcr.io/projectID/image-name
works, but I can't rely on gcloud being installed on every machine that someone may need to pull the image from.
If I run docker-compose up -d
on my machine then I get the following error:
Pulling image gcr.io/projectID/image-name...
Pulling repository gcr.io/projectID/image-name
Traceback (most recent call last):
File "<string>", line 3, in <module>
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.main", line 31, in main
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.docopt_command", line 21, in sys_dispatch
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.command", line 27, in dispatch
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.docopt_command", line 24, in dispatch
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.command", line 59, in perform_command
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.cli.main", line 464, in up
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.project", line 208, in up
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.service", line 214, in recreate_containers
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.service", line 199, in create_container
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.progress_stream", line 37, in stream_output
File "/compose/build/docker-compose/out00-PYZ.pyz/compose.progress_stream", line 50, in print_output_event
compose.progress_stream.StreamOutputError: Error: Status 403 trying to pull repository projectID/image-name: "Access denied."
Is there any way to authenticate or access the image with some form of OAuth or keys? I want to avoid having to install gcloud on every machine that will ever need to pull the image, and the images have to remain private.
I have tried gcloud preview docker -a
but that is not the solution I'm looking for.
Thank you in advance for any help.
If you want to work with the Google Container Registry on a machine not in the Google Compute Engine (i.e. local) using vanilla docker you can follow Google's instructions.
The two main methods are using an access token or a JSON key file.
Note that
_token
and_json_key
are the actual values you provide for the username (-u
)Access Token
JSON Key File
To create a key file you can follow these instructions:
You can view Google's documentation on generating a key file here.