Thread
#prefect-community
    sark

    sark

    2 years ago
    hi guys for google container registry authentication i got it to work with docker agent which can pull images for flows using docker storage but the flow containers themselves seem to fail to pull images how is the docker agent picking up the credentials? from my experimentation it seems to look at
    ~/.docker/config.json
    but does this mean for flows i have to pack the credentials in the image, instead of being able to mount a volume when the container is run? i have looked at API documentation and couldn’t find any options for specifying volumes for flow containers
    nicholas

    nicholas

    2 years ago
    Hi @sark - can you explain what you mean by a flow container? Your Agent uses the authenticated state of your Docker daemon. If you're pulling images from the registry within your flow, the daemon inside the container will also need to be authenticated.
    sark

    sark

    2 years ago
    hi nicholas, i mean the container for the image corresponding to the docker storage for the flow
    hmm how do i go about authenticating the daemon inside that container?
    nicholas

    nicholas

    2 years ago
    You'll need to follow one of the GCR authentication methods listed in the GCR documentation - perhaps storing a
    Secret
    with Cloud that contains the token or JSON key file that you need, then pulling the
    Secret
    in an upstream task and authenticating with the
    gcloud auth
    commands before trying to pull your images in a downstream task.
    sark

    sark

    2 years ago
    ah so the auth is done as a task within the flow itself!
    nicholas

    nicholas

    2 years ago
    That's the method I would use because it's explicit - of course there are other ways to tackle the problem 🙂
    It also means that you can change out your auth tokens without needing to rebuild your image/register a new version of the flow
    sark

    sark

    2 years ago
    thanks, that makes sense
    agree that it is good to be explicit
    nicholas

    nicholas

    2 years ago
    Happy to help!