Last updated on November 6, 2024
Google Container Registry Cheat Sheet
- Container Registry is a container image repository to manage Docker images, perform vulnerability analysis, and define fine-grained access control.
Features
- Automatically build and push images to a private registry when you commit code to Cloud Source Repositories, GitHub, or Bitbucket.
- You can push and pull Docker images to your private Container Registry utilizing the standard Docker command-line interface.
- The system creates a Cloud Storage bucket to store all of your images the first time you push an image to Container Registry.
- You have the ability to maintain control over who can access, view, or download images.
Pricing
- Container Registry charges for the following:
  - Storing images on Cloud Storage
  - Network egress for containers stored in the registry.
- Network ingress is free.
- If the Container Scanning API is enabled in either Container Registry, vulnerability scanning is turned on and billed for both products.
Validate Your Knowledge
Question 1
Your company stores all of its container images on Google Artifact Registry in a project called td-devops. The development team created a Google Kubernetes Engine (GKE) cluster on a separate project and needs to download container images from the td-devops project.
What should you do to ensure that Kubernetes can download the images from Artifact Registry securely?
- In the td-devops project, assign the Storage Object Viewer IAM role to the service account used by the GKE nodes.
- Upon creating the GKE cluster, set the Access Scopes setting under Node Security to Allow Full Access to all Cloud APIs.
- Generate a P12 key for a new service account. Use the generated key as an imagePullSecrets in Kubernetes to access the private registry.
- In the Google Cloud Storage, configure the ACLs on each container image stored and provide read-write access to the service account used by the GKE nodes.