2
votes

I am looking to pull a container from Google Container Registry that exists in one Google Cloud Platform project into a Google Kubernetes Engine cluster that exists in a separate GCP project.

There's a good resource on this here: https://medium.com/hackernoon/today-i-learned-pull-docker-image-from-gcr-google-container-registry-in-any-non-gcp-kubernetes-5f8298f28969 but it includes the complexity of a non-GCP project. My guess is that there's an easier approach since everything here resides in Google Cloud Platform.

Thanks,


1 Answer

5
votes

https://medium.com/google-cloud/using-single-docker-repository-with-multiple-gke-projects-1672689f780c

This Medium post from way back seems to describe what you are trying to do. In short: you need to give “Storage Object Viewer” IAM permission to the service account of the cluster that wants to pull images from the other project's registry. The name of the role isn't exactly intuitive but sort of makes sense when you consider that the images are stored in cloud storage.
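The grant described in the answer above, sketched as an added example that is not part of the original answer or the linked post: it derives the registry's backing bucket from an image reference and prints a bucket-scoped "Storage Object Viewer" binding instead of a project-wide one. The project ID `registry-project`, the project number `123456789012` and the function names are constructed placeholders, and it assumes the nodes run as the Compute Engine default service account and that the project ID is not domain-scoped.

```shell
#!/usr/bin/env bash
# Added example. Nothing here calls gcloud; it only prints the command to review.

# Container Registry keeps image layers in a Cloud Storage bucket in the
# registry's project: gcr.io -> artifacts.PROJECT.appspot.com, and the
# regional hosts (us/eu/asia) -> REGION.artifacts.PROJECT.appspot.com.
# The bucket only exists after the first image has been pushed to that host.
gcr_bucket() {
  local image="$1" host rest project
  host="${image%%/*}"
  rest="${image#*/}"
  project="${rest%%/*}"
  if [ "$rest" = "$image" ] || [ -z "$project" ]; then
    echo "expected HOST/PROJECT/IMAGE, got: $image" >&2; return 1
  fi
  case "$host" in
    gcr.io) echo "gs://artifacts.${project}.appspot.com" ;;
    us.gcr.io|eu.gcr.io|asia.gcr.io)
      echo "gs://${host%%.*}.artifacts.${project}.appspot.com" ;;
    *) echo "not a Container Registry host: $host" >&2; return 1 ;;
  esac
}

# Assumption: the cluster's nodes use the Compute Engine default service
# account, which is named after the cluster project's *number*, not its ID.
# A cluster created with a custom node service account needs that one instead.
node_sa() {
  case "$1" in
    ''|*[!0-9]*) echo "project number must be numeric: $1" >&2; return 1 ;;
  esac
  echo "$1-compute@developer.gserviceaccount.com"
}

# Print the read-only grant on the registry bucket for the pulling cluster.
grant_cmd() {
  local bucket sa
  bucket="$(gcr_bucket "$1")" || return 1
  sa="$(node_sa "$2")" || return 1
  echo "gcloud storage buckets add-iam-policy-binding ${bucket}" \
       "--member=serviceAccount:${sa} --role=roles/storage.objectViewer"
}

# Constructed sample: image in registry-project, cluster in project 123456789012.
grant_cmd "eu.gcr.io/registry-project/app:1.0" 123456789012
```

Run the printed command with credentials for the project that hosts the registry; scoping the binding to the bucket keeps the cluster's service account from reading other buckets in that project.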