hi guys for google container registry authentication i got i

Question

hi guys for google container registry authentication i got it to work with docker agent which can pull images for flows using docker storage but the flow containers themselves seem to fail to pull images how is the docker agent picking up the credentials from my experimentation it seems to look at `~ docker config json` but does this mean for flows i have to pack the credentials in the image instead of being able to mount a volume when the container is run i have looked at API documentation and couldn t find any options for specifying volumes for flow containers

nicholas · Answer

Hi < sark> can you explain what you mean by a flow container Your Agent uses the authenticated state of your Docker daemon If you re pulling images from the registry within your flow the daemon inside the container will also need to be authenticated

sark · Answer

hi nicholas i mean the container for the image corresponding to the docker storage for the flow

sark · Answer

hmm how do i go about authenticating the daemon inside that container

nicholas · Answer

You ll need to follow one of the <https cloud google com container registry docs advanced authentication|GCR authentication methods> listed in the GCR documentation perhaps storing a `Secret` with Cloud that contains the token or JSON key file that you need then pulling the `Secret` in an upstream task and authenticating with the `gcloud auth` commands before trying to pull your images in a downstream task

sark · Answer

ah so the auth is done as a task within the flow itself

nicholas · Answer

That s the method I would use because it s explicit of course there are other ways to tackle the problem slightly smiling face

nicholas · Answer

It also means that you can change out your auth tokens without needing to rebuild your image register a new version of the flow

sark · Answer

thanks that makes sense

sark · Answer

agree that it is good to be explicit

nicholas · Answer

Happy to help