https://prefect.io logo
Title
c

Christopher Chong Tau Teng

12/07/2021, 9:56 AM
Hi @Anna Geller @Kevin Kho I am now running Docker Agent in a container, and I can see new containers being spun up on the host machine for each flow (instead of being spun up within the agent container). However, this docker agent inside a container is facing issue pulling images from gcr.io
500 Server Error for <http+docker://localhost/v1.41/images/create?tag=v3&fromImage=gcr.io%2Fchristopherchong-mysdev00-id%2Fprefect-flows>: Internal Server Error ("unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: <https://cloud.google.com/container-registry/docs/advanced-authentication>")
Is there any way we can pass docker credentials to Docker Agent or Docker Run? Or is there some other way I can authenticate this Docker Agent inside a container to pull image from GCR?
a

Anna Geller

12/07/2021, 10:01 AM
Yes, you can run the following command before you start your agent - here is a page for Google:
docker login -u user -p password
c

Christopher Chong Tau Teng

12/07/2021, 10:07 AM
@Anna Geller thanks for the reply. We might not want to use any JSON key due to security concern, is there any other way?
a

Anna Geller

12/07/2021, 10:13 AM
all ways to authenticate with GCR are listed on this page, choose whichever method you prefer
c

Christopher Chong Tau Teng

12/08/2021, 4:33 AM
@Anna Geller got it. Side question, when Docker Agent pulls images from remote repo, which user is it running as? the docker security group user or root?
k

Kevin Kho

12/08/2021, 4:44 AM
It uses
dockerpy
under the hood which is just the same if you do
docker run
or
docker pull
so if these use root, then it would use root
👍 1