pulling Artifact registry image from on-prem clust...

cloudlearner · 10-24-2023 11:17 AM

Hi,

I have challenges in accessing the image that is part of Artifact Registry(Docker format) from an on-prem K3S cluster (lightweight kubernetes).

I have created a service account key and give artifactregistry reader role. I created a secret with they json key of service account and used it as part of pods imagepullsecret. , I also tried GOOGLE_APPLICATION_CREDENTIALS with json key as secret and uploading that secret to volume but both approaches are failing.

I see if image is accessed from Docker/Helm we need to authenticate them, similary do we need any other setup before we access the image ?

Thanks

lawrencenelson

Hi @cloudlearner,

Welcome to the Google Cloud Community!

@cloudlearner wrote:

I have created a service account key and give artifactregistry reader role. I created a secret with they json key of service account and used it as part of pods imagepullsecret. , I also tried GOOGLE_APPLICATION_CREDENTIALS with json key as secret and uploading that secret to volume but both approaches are failing.

For a more in-depth troubleshooting of the problem kindly:

1. Share the logs that you are receiving

2. Take a screenshot of the Service Account with the Role roles/artifactregistry.reader [1]

3. Verify that the image can be pulled (you can use Cloud Shell). Kindly indicate what container runtime you're using.

4. The command you used to create the Secret.

5. Your pod specification (blur out personal details)

Note that if the image you're pulling is a Docker image, you need to set it up as specified in this documentation.

Thank you.

[1]. https://cloud.google.com/artifact-registry/docs/access-control#roles

pulling Artifact registry image from on-prem cluster