Refer to Google official documents
https://cloud.google.com/artifact-registry/docs/docker/store-docker-container-images
First enable GAR api
gcloud services enable artifactregistry.googleapis.com gcloud services list | grep -i artifact artifactregistry.googleapis.com Artifact Registry API
Secondly create a docker image warehouse
gcloud artifacts repositories create my-docker-repo –repository-format=docker –location=eurepo-west2 –description=””
Use the following command to list existing warehouses
> gcloud artifacts repositories list Listing items under project jason-hsbc, across all locations. ARTIFACT_REGISTRY REPOSITORY FORMAT MODE DESCRIPTION LOCATION LABELS ENCRYPTION CREATE_TIME UPDATE_TIME SIZE (MB) gcf-artifacts DOCKER STANDARD_REPOSITORY This repository is created and used by Cloud Functions for storing function docker images. europe-west2 goog-managed-by=cloudfunctions Google-managed key 2023-11-05T04:54:28 2023-11-05T04:56 :07 744.026 java-repo MAVEN STANDARD_REPOSITORY Java package repository europe-west2 Google-managed key 2023-11-11T03:21:31 2023-11-11T03:21:31 0 my-docker-repo DOCKER STANDARD_REPOSITORY europe-west2 Google-managed key 2023-09-09T17:01:40 2023-09-09T17:01:40 0
Configuring docker verification method
Because we need to use docker push to push the image to Google AR later, we configure the verification method for docker to access Google AR in the docker configuration file.
There are four verification methods from docker to GAR:
1. gcloud credential helper
Configure your ArtifactRegistry credentials for use with Docker directly in gcloud. This is the simplest authentication method, but may be slower than the Standalone Docker credential helper
2. Standalone Docker credential helper
This option is primarily used to configure your credentials for use with Docker without the Google Cloud CLI. It is much faster than the gcloud credential helper and uses Application Default Credentials (ADC) to automatically look up credentials in your environment.
3. Access token
You can generate a short-lived access token for a service account and then use that token for password authentication. Because the token is only valid for 60 minutes, it is a more secure option than the service account key.
4. Service account key
A user-managed key pair that can be used as credentials for service accounts. Because the credentials are valid for a long time, it is the least secure option of all available authentication methods.
Specific reference:
https://cloud.google.com/artifact-registry/docs/docker/authentication
Choose the simplest method 1 here: gcloud credential helper
Execute the following command
gcloud auth configure-docker europe-west2-docker.pkg.dev
Please replace the high lighted part with the region where your current repo is located.
gateman@DESKTOP-UIU9RFJ:/var/lib/jenkins/workspace/CloudRun/build@2$ gcloud auth configure-docker europe-west2-docker.pkg.dev Adding credentials for: europe-west2-docker.pkg.dev After update, the following will be written to your Docker config file located at [/home/gateman/.docker/config.json]: {<!-- --> "credHelpers": {<!-- --> "europe-west2-docker.pkg.dev": "gcloud" } } Do you want to continue (Y/n)? y Docker configuration file updated.
When execution is completed, /home/gateman/.docker/config.json will be updated
docker build or tag
At this time, you can use docker build or docker tag to add the correct image address and label to your image.
For example
gateman@instance-2:~/Projects/spring-boot-for-cloud-run$ sudo docker build -t europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/helloservice: 0.0.1-test . [ + ] Building 0.2s (2/3) docker:default [ + ] Building 5.0s (8/8) FINISHED docker:default => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 367B 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [internal] load metadata for docker.io/dockette/jdk8:latest 1.0s => [1/3] FROM docker.io/dockette/jdk8@sha256:0e87d0c795b0b405a37a95b043b274f2c8539777cd94edc1952502cc6c034cf0 2.9s => => resolve docker.io/dockette/jdk8@sha256:0e87d0c795b0b405a37a95b043b274f2c8539777cd94edc1952502cc6c034cf0 0.0s => => sha256:0e87d0c795b0b405a37a95b043b274f2c8539777cd94edc1952502cc6c034cf0 1.16kB / 1.16kB 0.0s => => sha256:13041d54229cc20958f6524b6256964a99b6bea415204e7ed29f96bdc60b0f56 7.99kB / 7.99kB 0.0s => => sha256:8e3ba11ec2a2b39ab372c60c16b421536e50e5ce64a0bc81765c2e38381bcff6 2.21MB / 2.21MB 0.3s => => sha256:9b3c9c2732298ae00f74462af3984d87364a5a1c56c517fd2b26c31829cdee12 503.25kB / 503.25kB 0.2s => => sha256:4b79398611a193376a779d409b3d194f85d5922137cf55bcbef8efca0c2d0be9 57.43MB / 57.43MB 1.4s => => sha256:bd535a9d85176af573232201339448103487bb020e6d3dcec9d71fb3d48c45e0 93B / 93B 0.4s => => extracting sha256:8e3ba11ec2a2b39ab372c60c16b421536e50e5ce64a0bc81765c2e38381bcff6 0.1s => => extracting sha256:9b3c9c2732298ae00f74462af3984d87364a5a1c56c517fd2b26c31829cdee12 0.0s => => extracting sha256:4b79398611a193376a779d409b3d194f85d5922137cf55bcbef8efca0c2d0be9 1.4s => => extracting sha256:bd535a9d85176af573232201339448103487bb020e6d3dcec9d71fb3d48c45e0 0.0s => [internal] load build context 0.0s => => transferring context: 4.21kB 0.0s => [2/3] WORKDIR /app 0.8s => [3/3] COPY target/*.jar app.jar 0.0s => exporting to image 0.0s => => exporting layers 0.0s => => writing image sha256:221b39f6f5ea8e8c6c9d3461b2490b59b977408c2dd97f0423f099a737a1fe4c 0.0s => => naming to europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/helloservice:0.0.1-test
docker push
In this way, the image can be pushed to GAR.
gateman@instance-2:~/Projects/spring-boot-for-cloud-run$ docker push europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/helloservice:0.0.1 -test The push refers to repository [europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/helloservice] 27b10e04e8e3: Pushed 40cfa0202c65: Pushed 43d79ecfdc6c: Pushed bc4a7b790ce8: Pushed e4a87dd198ff: Pushed 73046094a9b8: Pushed 0.0.1-test: digest: sha256:2796c54b46ea85a3747f6599e37f5beed32a817dd00cb1e4f95d2feb7820b6a4 size: 1571