GCP
Setting up a GCR registry
Follow this guide to create a private GCR registry on GCP.
Then follow this guide to create an image pull secret so that your cluster can pull images from your registry.
Make note of the ImagePullSecret name and namespace.
Enabling in-cluster building with GCR
To use in-cluster building with GCR (Google Container Registry) you need to set up authentication, with the following steps:
Create a Google Service Account (GSA).
Give the GSA the appropriate permissions.
Create a JSON key for the account.
Create an imagePullSecret that uses the JSON key.
Add a reference to the imagePullSecret in your Garden project configuration.
First, create a Google Service Account:
Then, to grant the Google Service Account permission to push to GCR, run the following gcloud commands:
Next create a JSON key file for the GSA:
Then prepare the imagePullSecret in your Kubernetes cluster. Run the following command, if appropriate replacing gcr.io with the correct registry hostname (e.g. eu.gcr.io or asia.gcr.io):
Finally, make note of the ImagePullSecret name and namespace.
Enabling in-cluster building with Google Artifact Registry
To use in-cluster building with Google Artifact Registry you need to set up authentication, with the following steps:
Create a Google Service Account (GSA).
Give the GSA the appropriate permissions.
Create a JSON key for the account.
Create an imagePullSecret that uses the JSON key.
Add a reference to the imagePullSecret to your Garden project configuration.
First, create a Google Service Account:
The service account needs write access to Google Artifact Registry. You can either grant write access to all repositories with an IAM policy, or grant repository-specific permissions to selected repositories. We recommend the latter, as it follows the principle of granting the least-privileged access needed.
To grant access to all Google Artifact Registry repositories, run:
To grant access to one or more repositories, run for each repository:
Next create a JSON key file for the GSA:
Then prepare the imagePullSecret in your Kubernetes cluster. Run the following command and replace docker.pkg.dev with the correct registry hostname (e.g. southamerica-east1-docker.pkg.dev or australia-southeast1-docker.pkg.dev):
Finally, make note of the ImagePullSecret name and namespace.
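The Artifact Registry steps above, written as one script using the repository-specific (least-privilege) grant. This is an added example, not taken from the Garden documentation; the project, account, repository, location, secret and file names are placeholder assumptions, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example, not from the Garden docs. Every value below is a placeholder (assumption).
PROJECT_ID="${PROJECT_ID:-my-gcp-project}"
GSA_NAME="${GSA_NAME:-garden-builder}"
REPO="${REPO:-my-repo}"                  # Artifact Registry repository name
LOCATION="${LOCATION:-europe-west1}"     # repository location
SECRET_NAME="${SECRET_NAME:-gar-config}" # ImagePullSecret name to note down
NAMESPACE="${NAMESPACE:-default}"        # ImagePullSecret namespace to note down
KEY_FILE="${KEY_FILE:-./gar-key.json}"
DRY_RUN="${DRY_RUN:-1}"                  # 1 = only print the commands, 0 = execute them

GSA_EMAIL="${GSA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_gsa() {
  run gcloud iam service-accounts create "$GSA_NAME" --project="$PROJECT_ID"
}

# Repository-scoped binding: write access to this one repository only.
grant_repo_writer() {
  run gcloud artifacts repositories add-iam-policy-binding "$REPO" \
    --project="$PROJECT_ID" --location="$LOCATION" \
    --member="serviceAccount:${GSA_EMAIL}" --role=roles/artifactregistry.writer
}

# umask 077 keeps the key file readable by the current user only.
create_key() {
  ( umask 077
    run gcloud iam service-accounts keys create "$KEY_FILE" --iam-account="$GSA_EMAIL" )
}

create_pull_secret() {
  if [ "$DRY_RUN" = 1 ]; then key='<contents of key file>'; else key=$(cat "$KEY_FILE"); fi
  run kubectl --namespace "$NAMESPACE" create secret docker-registry "$SECRET_NAME" \
    --docker-server="${LOCATION}-docker.pkg.dev" \
    --docker-username=_json_key --docker-password="$key"
}

setup_all() {
  create_gsa && grant_repo_writer && create_key && create_pull_secret &&
    run rm -f "$KEY_FILE"   # the key now lives in the cluster secret; drop the local copy
}

setup_all
```

Review the printed commands first, then rerun with DRY_RUN=0 and the real values exported as environment variables.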