DEV Community

Booranasak Kanthong
Booranasak Kanthong

Posted on

GAR Cloud on GCP VM

summary of the commands and steps I executed - until I have successfully pulled Docker images from Google Artifact Registry (GAR):

Final Outcome

You successfully pulled:

  • asia-southeast1-docker.pkg.dev/escian/todoapp/hello-app:1.0
  • asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1

📜 Step-by-Step Command Summary

🔸 1. Initial Setup Attempts

  • Tried interactive login (but canceled): 
  gcloud auth login
  gcloud init
Enter fullscreen mode Exit fullscreen mode

🔸 2. Created and Prepared Service Account

  • Saved service account credentials to escian-bb074f590610.json
  • Confirmed it’s the correct service account for GAR access: 
  "client_email": "escian-devops-artifact@escian.iam.gserviceaccount.com"
Enter fullscreen mode Exit fullscreen mode

🔸 3. Activated the Service Account 

gcloud auth activate-service-account --key-file=escian-bb074f590610.json
Enter fullscreen mode Exit fullscreen mode

✅ This set the service account as the active credential.

🔸 4. Set GCP Project (Partial Success) 

gcloud config set project escian
Enter fullscreen mode Exit fullscreen mode

⚠️ Warned that Cloud Resource Manager API was disabled (can ignore for image pull).

🔸 5. Configured Docker to Authenticate with GAR 

gcloud auth configure-docker asia-southeast1-docker.pkg.dev --quiet
Enter fullscreen mode Exit fullscreen mode

✅ This added the necessary section to ~/.docker/config.json:

{
  "credHelpers": {
    "asia-southeast1-docker.pkg.dev": "gcloud"
  }
}
Enter fullscreen mode Exit fullscreen mode

🔸 6. Verified Docker Credential Helper 

docker-credential-gcloud list
Enter fullscreen mode Exit fullscreen mode

🟡 Note: asia-southeast1-docker.pkg.dev is NOT shown here – but that's expected because docker-credential-gcloud doesn’t show Artifact Registry entries.

🔸 7. First Pull Attempts (Failed)

You ran:

docker pull asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1
Enter fullscreen mode Exit fullscreen mode

❌ Failed with: Unauthenticated request — this was before proper configuration.

🔸 8. Final Successful Pulls

Once everything was configured:

docker pull asia-southeast1-docker.pkg.dev/escian/todoapp/hello-app:1.0
docker pull asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1
Enter fullscreen mode Exit fullscreen mode

✅ Both images pulled successfully!

🧠 Lessons Learned / Tips

  • gcloud auth configure-docker + gcloud auth activate-service-account is enough if the service account has permission.
  • No need for docker login manually if Docker reads from ~/.docker/config.json via credHelpers.
  • docker-credential-gcloud list doesn’t reflect Artifact Registry — don't rely on it for GAR validation.
  • If all fails, use: 
  gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://asia-southeast1-docker.pkg.dev
Enter fullscreen mode Exit fullscreen mode

Top comments (0)