Hi <@U02H1A95XDW> <@U01QEJ9PP53> I am now running ...
# prefect-server
c
Hi @Anna Geller @Kevin Kho I am now running Docker Agent in a container, and I can see new containers being spun up on the host machine for each flow (instead of being spun up within the agent container). However, this docker agent inside a container is facing issue pulling images from gcr.io
Copy code
500 Server Error for <http+docker://localhost/v1.41/images/create?tag=v3&fromImage=gcr.io%2Fchristopherchong-mysdev00-id%2Fprefect-flows>: Internal Server Error ("unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: <https://cloud.google.com/container-registry/docs/advanced-authentication>")
Is there any way we can pass docker credentials to Docker Agent or Docker Run? Or is there some other way I can authenticate this Docker Agent inside a container to pull image from GCR?
a
Yes, you can run the following command before you start your agent - here is a page for Google:
Copy code
docker login -u user -p password
c
@Anna Geller thanks for the reply. We might not want to use any JSON key due to security concern, is there any other way?
a
all ways to authenticate with GCR are listed on this page, choose whichever method you prefer
c
@Anna Geller got it. Side question, when Docker Agent pulls images from remote repo, which user is it running as? the docker security group user or root?
k
It uses
dockerpy
under the hood which is just the same if you do
docker run
or
docker pull
so if these use root, then it would use root
👍 1