Hi @Anna Geller @Kevin Kho I am now running Docker Agent in a container, and I can see new containers being spun up on the host machine for each flow (instead of being spun up within the agent container). However, this docker agent inside a container is facing issue pulling images from gcr.io

500 Server Error for <http+docker://localhost/v1.41/images/create?tag=v3&fromImage=gcr.io%2Fchristopherchong-mysdev00-id%2Fprefect-flows>: Internal Server Error ("unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: <https://cloud.google.com/container-registry/docs/advanced-authentication>")

Is there any way we can pass docker credentials to Docker Agent or Docker Run? Or is there some other way I can authenticate this Docker Agent inside a container to pull image from GCR?

Yes, you can run the following command before you start your agent - here is a page for Google:

docker login -u user -p password

@Anna Geller thanks for the reply. We might not want to use any JSON key due to security concern, is there any other way?

all ways to authenticate with GCR are listed on this page, choose whichever method you prefer

@Anna Geller got it. Side question, when Docker Agent pulls images from remote repo, which user is it running as? the docker security group user or root?

It uses

dockerpy

under the hood which is just the same if you do

docker run

or

docker pull

so if these use root, then it would use root