Question 85265 in Docker Question posted in
The official documentation can be found here.

docker compose can't pull image from google container registory

I have images on google container registry moved from docker hub. I have my docker-compose.yml. compose file is successfully pull the images from docker hub. But I can’t pull from google container registry.

step to login to container registry

  1. gcloud auth revoke –all
  2. gcloud auth login
  3. gcloud config set project projectId
  4. gcloud auth activate-service-account [email protected] –key-file=service-account.json
  5. gcloud auth configure-docker
  6. (a) gcloud auth print-access-token | docker login -u oauth2accesstoken –password-stdin https://asia.gcr.io

Login Result is success

docker-compose up

ERROR: pull access denied for [my_image_name], repository does not exist or may require 'docker login': denied: requested access to the resource is denied

I can pull the image with below command

docker pull asia.gcr.io/projectid/myimagename/data-api:latest

docker compose

version: "3.3"
services:
  data_api:
    container_name: myimagename-data-api
    image: myimagename/data-api
    expose:
      - 4000
    ports:
      - "4001:4000"
    depends_on:
      - db
    environment:
      DATABASE_URL: mysql://root:root@db:3306/myimagename
      ACCESS_TOKEN_SECRET: xxxxxxxxxx
      REFRESH_TOKEN_SECRET: xxxxxxxxx
    networks:
      - db-api

  db:
    container_name: myimagename-db
    image: myimagename/db
    restart: always
    volumes:
      - ./db/data/:/var/lib/mariadb/data
    environment:
      MARIADB_ROOT_PASSWORD: root
      MARIADB_DATABASE: myimagename
    expose:
      - 3306
    ports:
      - "3307:3306"
    networks:
      - db-api

networks:
  db-api:
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Ok, Finally, I found the issue. It is image name. We can not use same image name as docker hub. we need full path.

    image: asia.gcr.io/projectid/myimagename/data-api:latest

    instead of myimagename/data-api


  2. 0

    If you look at the service-account.json file, you will see that it’s not your "password" in the traditional sense. Hence piping it in as a stdin password will not work. EDIT: TIL – you can pipe a credentials file in as a password as per doc

    I would recommend using the gcloud credential helper — you can login as yourself if you have the perms or you can use a service account with its credentials.json file — which appears to be your case there. Be sure to have the correct IAM perms on your service account.

    Pull (read) only:

    • roles/storage.objectViewer

    Push (write) and Pull:

    • roles/storage.legacyBucketWriter
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search