I have images on google container registry moved from docker hub. I have my docker-compose.yml. compose file is successfully pull the images from docker hub. But I can’t pull from google container registry.
step to login to container registry
- gcloud auth revoke –all
- gcloud auth login
- gcloud config set project projectId
- gcloud auth activate-service-account [email protected] –key-file=service-account.json
- gcloud auth configure-docker
- (a) gcloud auth print-access-token | docker login -u oauth2accesstoken –password-stdin https://asia.gcr.io
Login Result is success
docker-compose up
ERROR: pull access denied for [my_image_name], repository does not exist or may require 'docker login': denied: requested access to the resource is denied
I can pull the image with below command
docker pull asia.gcr.io/projectid/myimagename/data-api:latest
docker compose
version: "3.3"
services:
data_api:
container_name: myimagename-data-api
image: myimagename/data-api
expose:
- 4000
ports:
- "4001:4000"
depends_on:
- db
environment:
DATABASE_URL: mysql://root:root@db:3306/myimagename
ACCESS_TOKEN_SECRET: xxxxxxxxxx
REFRESH_TOKEN_SECRET: xxxxxxxxx
networks:
- db-api
db:
container_name: myimagename-db
image: myimagename/db
restart: always
volumes:
- ./db/data/:/var/lib/mariadb/data
environment:
MARIADB_ROOT_PASSWORD: root
MARIADB_DATABASE: myimagename
expose:
- 3306
ports:
- "3307:3306"
networks:
- db-api
networks:
db-api:
2
Answers
Ok, Finally, I found the issue. It is image name. We can not use same image name as docker hub. we need full path.
image: asia.gcr.io/projectid/myimagename/data-api:latest
instead of myimagename/data-api
If you look at the
service-account.json
file, you will see that it’s not your "password" in the traditional sense. Hence piping it in as a stdin password will not work. EDIT: TIL – you can pipe a credentials file in as a password as per docI would recommend using the gcloud credential helper — you can login as yourself if you have the perms or you can use a service account with its credentials.json file — which appears to be your case there. Be sure to have the correct IAM perms on your service account.
Pull (read) only:
Push (write) and Pull: