DEV Community

Booranasak Kanthong
Booranasak Kanthong

Posted on

GAR Cloud on GCP VM

summary of the commands and steps I executed - until I have successfully pulled Docker images from Google Artifact Registry (GAR):

Final Outcome

You successfully pulled:

  • asia-southeast1-docker.pkg.dev/escian/todoapp/hello-app:1.0
  • asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1

๐Ÿ“œ Step-by-Step Command Summary

๐Ÿ”ธ 1. Initial Setup Attempts

  • Tried interactive login (but canceled): 
  gcloud auth login
  gcloud init
Enter fullscreen mode Exit fullscreen mode

๐Ÿ”ธ 2. Created and Prepared Service Account

  • Saved service account credentials to escian-bb074f590610.json
  • Confirmed itโ€™s the correct service account for GAR access: 
  "client_email": "escian-devops-artifact@escian.iam.gserviceaccount.com"
Enter fullscreen mode Exit fullscreen mode

๐Ÿ”ธ 3. Activated the Service Account 

gcloud auth activate-service-account --key-file=escian-bb074f590610.json
Enter fullscreen mode Exit fullscreen mode

โœ… This set the service account as the active credential.

๐Ÿ”ธ 4. Set GCP Project (Partial Success) 

gcloud config set project escian
Enter fullscreen mode Exit fullscreen mode

โš ๏ธ Warned that Cloud Resource Manager API was disabled (can ignore for image pull).

๐Ÿ”ธ 5. Configured Docker to Authenticate with GAR 

gcloud auth configure-docker asia-southeast1-docker.pkg.dev --quiet
Enter fullscreen mode Exit fullscreen mode

โœ… This added the necessary section to ~/.docker/config.json:

{
  "credHelpers": {
    "asia-southeast1-docker.pkg.dev": "gcloud"
  }
}
Enter fullscreen mode Exit fullscreen mode

๐Ÿ”ธ 6. Verified Docker Credential Helper 

docker-credential-gcloud list
Enter fullscreen mode Exit fullscreen mode

๐ŸŸก Note: asia-southeast1-docker.pkg.dev is NOT shown here โ€“ but that's expected because docker-credential-gcloud doesnโ€™t show Artifact Registry entries.

๐Ÿ”ธ 7. First Pull Attempts (Failed)

You ran:

docker pull asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1
Enter fullscreen mode Exit fullscreen mode

โŒ Failed with: Unauthenticated request โ€” this was before proper configuration.

๐Ÿ”ธ 8. Final Successful Pulls

Once everything was configured:

docker pull asia-southeast1-docker.pkg.dev/escian/todoapp/hello-app:1.0
docker pull asia-southeast1-docker.pkg.dev/escian/booranasak-artifact-registry-docker/fastapi-app:v1
Enter fullscreen mode Exit fullscreen mode

โœ… Both images pulled successfully!

๐Ÿง  Lessons Learned / Tips

  • gcloud auth configure-docker + gcloud auth activate-service-account is enough if the service account has permission.
  • No need for docker login manually if Docker reads from ~/.docker/config.json via credHelpers.
  • docker-credential-gcloud list doesnโ€™t reflect Artifact Registry โ€” don't rely on it for GAR validation.
  • If all fails, use: 
  gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://asia-southeast1-docker.pkg.dev
Enter fullscreen mode Exit fullscreen mode

Top comments (0)