Sharing docker registry images among gcloud projects

Question

We're hoping to use a google project to share docker images containing microservices across projects.

I was thinking I could do it using the kubernetes run command and pull an image from a project other than the current one:

kubectl run  gdrive-service --image=us.gcr.io/foo/gdrive-service

My user credentials have access to both projects. However, it seems like the run command can only pull mages from the current project.

Is there an approach for doing this? It seems like an obvious use case.

score 2 · Accepted Answer · edited May 23 '17 at 10:29

2

There are a few options here.

Use _json_key auth described here with Kubernetes pull secrets.
This describes how to add robots across projects as well, still without needing pull secrets.

edited May 23 '17 at 10:29

Community

1
1

answered Jul 13 '16 at 21:18

mattmoor

1,677
14
9

Hmm, the first seems to mean passing around a copy of the json file with the service account. Will look into the latter approach a bit later. – Robert Moskal Jul 14 '16 at 16:38
Not ideal, but this is the way it goes. – Robert Moskal Aug 10 '16 at 22:00

score 1 · Answer 2 · answered Aug 07 '17 at 17:59

1

In my answer here I describe a way to do this by granting the GKE service account user Storage Object Viewer permission under the project that contains the registry.

answered Aug 07 '17 at 17:59

AllSySt3msG0

133
1
7

Sharing docker registry images among gcloud projects

2 Answers2