The container registry provides secure, private Docker image storage on GCP. It can be thought of as a way to access, that is, to push, pull, and manage Docker images from any system, whether it's a Compute Engine instance or your on-premise hardware through a secure HTTPS endpoint. In a sense, this is a very controlled and regulated way of dealing with container images. You should be aware that it is possible to hook up Docker and the container registry so that they talk to each other directly. In this way, by using the Docker command line, which is the credential helper tool, you can authenticate Docker directly from the container registry. Since this container registry can be written to and read from pretty much any system, you could also use third-party cluster management or CI/CD tools and even those that are not on GCP. While Docker provides a central registry to store public images, you may not want your images to be accessible to the world. In this case, you must use a private registry:
- To configure the container registry in GCP, first of all, you need to tag a built image with a registry name. The registry name format follows hostname/project_ID/image format. The hostname is your Google container registry hostname. For example, us.gcr.io stores your image in the US region:
docker tag nginx us.gcr.io/loonycorn-project-08/nginx
- Then you need to push the image to the Docker container registry using the gcloud command line:
gcloud docker -- push us.gcr.io/loonycorn-project-08/nginx
- To test your registry, you can try pulling your image with the same registry tag format:
gcloud docker -- pull us.gcr.io/loonycorn-project-08/nginx
- Finally, to delete it from the container registry, use the following command:
gcloud container images delete us.gcr.io/loonycorn-project-08/nginx
- Now, if you are using Kubernetes, it has a built-in container registry to run with kubectl so you can use public or private container images as well:
kubectl run nginx --image=us.gcr.io/loonycorn-project-08/nginx