Has anyone figured out how to pull from private GCR repos in the containrrr watchtower image in docker compose?
For context, I ran gcloud auth configure-docker in the host, and added these volumes to watchtower:
version: "3.4"
services:
app:
image: gcr.io/<proj>/<img>:latest
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/.docker/config.json:/config.json
- /root/.config/gcloud:/.config/gcloud
- /usr/lib/google-cloud-sdk:/usr/lib/google-cloud-sdk
command: --interval 10
environment:
- PATH=$PATH:/usr/lib/google-cloud-sdk/bin
- HOME=/
labels:
- com.centurylinklabs.watchtower.enable=false
It just keeps saying
watchtower_1 | time="2021-06-03T22:36:13Z" level=info msg="Unable to update container \"/gce_app_1\": Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication. Proceeding to next."
I found a solution. The caveat is, that the gcloud helper requires a python installation to work. So even if you add all the configs and binaries to your watchtower container, it still doesn't run properly.
As a solution, I came up with a minimal docker image that has both watchtower and python3 installed. It's
yspreen/watchtower. You can find the full readme on github, but here's the summary:Config file: