DEV Community

Booranasak Kanthong
Booranasak Kanthong

Posted on

GAR Cloud on GCP VM

summary of the commands and steps I executed - until I have successfully pulled Docker images from Google Artifact Registry (GAR):

Final Outcome

You successfully pulled:

  • asia-southeast1-docker.pkg.dev/escian/todoapp/hello-app:1.0
  • asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1

πŸ“œ Step-by-Step Command Summary

πŸ”Έ 1. Initial Setup Attempts

  • Tried interactive login (but canceled): 
  gcloud auth login
  gcloud init
Enter fullscreen mode Exit fullscreen mode

πŸ”Έ 2. Created and Prepared Service Account

  • Saved service account credentials to escian-bb074f590610.json
  • Confirmed it’s the correct service account for GAR access: 
  "client_email": "escian-devops-artifact@escian.iam.gserviceaccount.com"
Enter fullscreen mode Exit fullscreen mode

πŸ”Έ 3. Activated the Service Account 

gcloud auth activate-service-account --key-file=escian-bb074f590610.json
Enter fullscreen mode Exit fullscreen mode

βœ… This set the service account as the active credential.

πŸ”Έ 4. Set GCP Project (Partial Success) 

gcloud config set project escian
Enter fullscreen mode Exit fullscreen mode

⚠️ Warned that Cloud Resource Manager API was disabled (can ignore for image pull).

πŸ”Έ 5. Configured Docker to Authenticate with GAR 

gcloud auth configure-docker asia-southeast1-docker.pkg.dev --quiet
Enter fullscreen mode Exit fullscreen mode

βœ… This added the necessary section to ~/.docker/config.json:

{
  "credHelpers": {
    "asia-southeast1-docker.pkg.dev": "gcloud"
  }
}
Enter fullscreen mode Exit fullscreen mode

πŸ”Έ 6. Verified Docker Credential Helper 

docker-credential-gcloud list
Enter fullscreen mode Exit fullscreen mode

🟑 Note: asia-southeast1-docker.pkg.dev is NOT shown here – but that's expected because docker-credential-gcloud doesn’t show Artifact Registry entries.

πŸ”Έ 7. First Pull Attempts (Failed)

You ran:

docker pull asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1
Enter fullscreen mode Exit fullscreen mode

❌ Failed with: Unauthenticated request β€” this was before proper configuration.

πŸ”Έ 8. Final Successful Pulls

Once everything was configured:

docker pull asia-southeast1-docker.pkg.dev/escian/todoapp/hello-app:1.0
docker pull asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1
Enter fullscreen mode Exit fullscreen mode

βœ… Both images pulled successfully!

🧠 Lessons Learned / Tips

  • gcloud auth configure-docker + gcloud auth activate-service-account is enough if the service account has permission.
  • No need for docker login manually if Docker reads from ~/.docker/config.json via credHelpers.
  • docker-credential-gcloud list doesn’t reflect Artifact Registry β€” don't rely on it for GAR validation.
  • If all fails, use: 
  gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://asia-southeast1-docker.pkg.dev
Enter fullscreen mode Exit fullscreen mode

Top comments (0)