# prefect-community
s
hi guys for google container registry authentication i got it to work with docker agent which can pull images for flows using docker storage but the flow containers themselves seem to fail to pull images how is the docker agent picking up the credentials? from my experimentation it seems to look at `~/.docker/config.json` but does this mean for flows i have to pack the credentials in the image, instead of being able to mount a volume when the container is run? i have looked at API documentation and couldn’t find any options for specifying volumes for flow containers
n
Hi @sark - can you explain what you mean by a flow container? Your Agent uses the authenticated state of your Docker daemon. If you're pulling images from the registry within your flow, the daemon inside the container will also need to be authenticated.
s
hi nicholas, i mean the container for the image corresponding to the docker storage for the flow
hmm how do i go about authenticating the daemon inside that container?
n
You'll need to follow one of the GCR authentication methods listed in the GCR documentation - perhaps storing a `Secret` with Cloud that contains the token or JSON key file that you need, then pulling the `Secret` in an upstream task and authenticating with the `gcloud auth` commands before trying to pull your images in a downstream task.
s
ah so the auth is done as a task within the flow itself!
n
That's the method I would use because it's explicit - of course there are other ways to tackle the problem 🙂
It also means that you can change out your auth tokens without needing to rebuild your image/register a new version of the flow
s
thanks, that makes sense
agree that it is good to be explicit
n
Happy to help!