Docker and Kubernetes: Connecting to Private GCR and Pulling Images

Follow

Countly Enterprise's Docker Images are hosted on Google Container Registry (GCR). Users will need a Google-managed Service Account key in order to authenticate with GCR's private repository and get access to Docker images.

Countly Enterprise Docker images are currently hosted in the default region: gcr.io

Our Support Team will assist you to get the Service Account key for authentication.

Countly Enterprise Docker Images

Please refer to the Images guide to get more details regarding the Docker images provided by Countly.

Docker: Authenticating and Pulling Images from GCR

Once users have obtained the Service Account key, they can authenticate to GCR private repository using the command below:

cat serviceaccount.json | docker login -u _json_key --password-stdin https://gcr.io

After successfully authenticating with GCR, users can pull the required images from the repository and use them in Docker orchestration using the command below:

docker pull gcr.io/countly-01/api:latest
docker pull gcr.io/countly-01/frontend:latest
docker images

Google Cloud: Listing, Authenticating, and Pulling Images from GCR

Users can also use the gcloud cli tool for authenticating, listing Countly Enterprise Docker Images, listing tags of images, and pulling the images from GCR's Private repository.

Authentication to gcr.io using gcloud cli can be done via the command below:

gcloud auth activate-service-account `Service_account_email` --key-file=serviceaccount.json

Replace service_account_email with the value of client_email parameter from Service Account key.

cat serviceaccount.json | grep client_email

After authenticating to GCR, users can list the image using the command below:

gcloud container images list

Tags of the Docker images can be listed using the command below:

gcloud container images list-tags gcr.io/countly-01/api

Docker Images can be pulled using the command below:

gcloud docker -- pull gcr.io/countly-01/api:20.11.2.9

Kubernetes: Authenticating and Pulling Images from GCR

Kubernetes uses Secrets to authenticate or store the credentials for accessing a Docker registry for images.
To create a Kubernetes Secret, use the Service Account key and
the command below to create a secret in the Kubernetes environment:

kubectl create secret docker-registry countly-registry \
  --docker-server=https://gcr.io \
  --docker-username=_json_key \
  --docker-password="$(cat serviceaccount.json)"
kubectl get secrets | grep countly-registry

After generating the Docker config Secret, users can use the Secret in the Kubernetes Pod deployment file under the spec section to pull the image specified.

spec:
imagePullSecrets:
- name: countly-registry
containers:
- name: countly-api
image: gcr.io/countly-01/api:20.11.2.11
imagePullPolicy: Always

The above config needs to be applied to each Pod deployment file needed to pull an image from a private registry.

Looking for help?