Last updated on November 6, 2024
Google Container Registry Cheat Sheet
- Container Registry is a container image repository to manage Docker images, perform vulnerability analysis, and define fine-grained access control.
Features
- Automatically build and push images to a private registry when you commit code to Cloud Source Repositories, GitHub, or Bitbucket.
- You can push and pull Docker images to your private Container Registry utilizing the standard Docker command-line interface.
- The system creates a Cloud Storage bucket to store all of your images the first time you push an image to Container Registry.
- You have the ability to maintain control over who can access, view, or download images.
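Because the images live in a Cloud Storage bucket, access to them can be reviewed through that bucket's IAM policy. The following is an added example, not part of the original cheat sheet: it derives the bucket name behind a registry host and flags public or unexpected write bindings in a policy exported as JSON. The project names, members and the writer allow-list are constructed assumptions.

```python
import json

# Constructed sample policy in the JSON shape of a Cloud Storage bucket IAM
# policy; every project and member name here is invented for illustration.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:gke-nodes@example-cluster.iam.gserviceaccount.com",
               "allUsers"]},
  {"role": "roles/storage.admin",
   "members": ["serviceAccount:ci-pusher@example-devops.iam.gserviceaccount.com",
               "user:dev@example.com"]}
]}
""")

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Storage roles that allow adding or replacing image layers, not just pulling.
WRITE_ROLES = {"roles/storage.admin", "roles/storage.objectAdmin",
               "roles/storage.objectCreator", "roles/storage.legacyBucketWriter",
               "roles/storage.legacyBucketOwner"}


def registry_bucket(project_id, host="gcr.io"):
    """Name of the bucket behind a registry host (gcr.io, eu.gcr.io, ...)."""
    if host != "gcr.io" and not host.endswith(".gcr.io"):
        raise ValueError(f"not a Container Registry host: {host}")
    region = host[:-len("gcr.io")]          # "" or "eu." / "us." / "asia."
    return f"{region}artifacts.{project_id}.appspot.com"


def audit_policy(policy, allowed_writers):
    """Return sorted (finding, member, role) tuples for risky bindings."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.add(("public-access", member, role))
            elif role in WRITE_ROLES and member not in allowed_writers:
                findings.add(("unexpected-writer", member, role))
    return sorted(findings)


if __name__ == "__main__":
    print(registry_bucket("example-devops", "eu.gcr.io"))
    ci = {"serviceAccount:ci-pusher@example-devops.iam.gserviceaccount.com"}
    for finding in audit_policy(SAMPLE_POLICY, ci):
        print(*finding)
```

A real policy to feed into `audit_policy` can be exported with `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`.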
Pricing
- Container Registry charges for the following:
  - Storing images on Cloud Storage.
  - Network egress for containers stored in the registry.
- Network ingress is free.
- If the Container Scanning API is enabled in either Container Registry, vulnerability scanning is turned on and billed for both products.
Validate Your Knowledge
Question 1
Your company stores all of its container images on Google Artifact Registry in a project called td-devops. The development team created a Google Kubernetes Engine (GKE) cluster on a separate project and needs to download container images from the td-devops project.
What should you do to ensure that Kubernetes can download the images from Artifact Registry securely?
- In the td-devops project, assign the Storage Object Viewer IAM role to the service account used by the GKE nodes.
- Upon creating the GKE cluster, set the Access Scopes setting under Node Security to Allow Full Access to all Cloud APIs.
- Generate a P12 key for a new service account. Use the generated key as an imagePullSecrets in Kubernetes to access the private registry.
- In the Google Cloud Storage, configure the ACLs on each container image stored and provide read-write access to the service account used by the GKE nodes.