Google Artifact Registry
This tutorial will guide you on how to use your private Google Artifact Registry with Okteto. It's recommended that you have the gcloud CLI installed to follow this tutorial.
The steps to configure your private Google Artifact Registry with Okteto are:
- Create a service account with access to your private Google Artifact Registry
- Retrieve the service account credentials
- Configure the credentials in Okteto
Step 1: Create a service account with access to your private Google Artifact Registry
Export the name your want to use for your service account:
export SA_NAME=<<your-service-account-name>>
Create a service account with the gcloud CLI by executing the following command:
gcloud iam service-accounts create ${SA_NAME} --display-name="My Service Account for Okteto"
Add a policy to grant read access to your private Google Artifact Registry:
gcloud projects add-iam-policy-binding {PROJECT_ID} \
--member=serviceAccount:{SA_NAME}@{PROJECT_ID}.iam.gserviceaccount.com \
--role=roles/artifactregistry.reader
Step 2: Retrieve the service account credentials
Create an Access Key to use these credentials by executing the following command:
gcloud iam service-accounts keys create SA_KEY_FILE.json \
--iam-account=SA_NAME@PROJECT_ID.iam.gserviceaccount.com
The command will create a file SA_KEY_FILE.json
with rhe required credentials. You will use this file in the next step.
Step 3: Configure the credentials in Okteto
Add the following registry credentials to the Admin Registry Credentials view in the Okteto Admin Dashboard:
Start by navigating to Admin -> Registry Credentials under the Integrations section.
Click "Add Credential" and use the following settings:
- Type:
Static
- Hostname: your private Google Artifact Registry endpoint, for example
europe-west1-docker.pkg.dev
- Username:
_json_key
- Password: the content of the file `SA_KEY_FILE.json``
You can also use _json_key_base64
as username
and encode your SA_KEY_FILE.json
as the value of the password
:
cat SA_KEY_FILE.json | base64