Store Docker container images in Artifact Registry

Choose a shell

To complete this quickstart, use either Cloud Shell or your local shell.

Cloud Shell

Cloud Shell is a shell environment for managing resources hosted on Google Cloud. It comes preinstalled with Docker and the Google Cloud CLI, the primary command-line interface for Google Cloud.

Local shell

If you prefer using your local shell, you must install Docker and gcloud CLI in your environment.

Starting Cloud Shell

To launch Cloud Shell, perform the following steps:

1. Go to Google Cloud console.

   Google Cloud console

2. Click the Activate Cloud Shell button: .

A Cloud Shell session opens inside a frame lower on the console. You use this shell to run gcloud commands.

Setting up a local shell

To install gcloud CLI and Docker, perform the following steps:

1. Install the gcloud CLI. To update an existing installation, run the command gcloud components update.

2. Install Docker if it is not already installed.

3. Docker requires privileged access to interact with registries. On Linux or Windows, add the user that you use to run Docker commands to the Docker security group. This step is not required on macOS since Docker Desktop runs on a virtual machine as the root user.

   Linux

   The Docker security group is called docker. To add your username, run the following command:

   sudo usermod -a -G docker ${USER}
   

   Windows

   The Docker security group is called docker-users. To add a user from the Administrator command prompt, run the following command:

   net localgroup docker-users DOMAIN\USERNAME /add
   

   Where

   • DOMAIN is your Windows domain.
   • USERNAME is your user name.

4. Log out and log back in for group membership changes to take effect. If you are using a virtual machine, you may need to restart the virtual machine for membership changes to take effect.

5. To ensure that Docker is running, run the following Docker command, which returns the current time and date:

docker run --rm busybox date

The --rm flag deletes the container instance on exit.

Create a Docker repository

Create a Docker repository to store the sample image for this quickstart.

Configure authentication

Before you can push or pull images, configure Docker to use the Google Cloud CLI to authenticate requests to Artifact Registry.

To set up authentication to Docker repositories in the region us-west1, run the following command:

gcloud auth configure-docker us-west1-docker.pkg.dev

The command updates your Docker configuration. You can now connect with Artifact Registry in your Google Cloud project to push and pull images.

For information about other authentication methods, see Authentication methods.

Obtain an image to push

For this quickstart, you will push a sample image named hello-app.

Run the following command to pull version 1.0 of the image.

   docker pull us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0

Image paths in Artifact Registry include multiple parts. For this sample image:

• us-docker.pkg.dev is the hostname for container images stored in Artifact Registry Docker repositories, which includes the location of the repository (us).
• google-samples is the project ID.
• containers is the repository ID.
• /gke/hello-app is the path to the image in the repository containers.

Add the image to the repository

Before you push the Docker image to Artifact Registry, you must tag it with the repository name.

Tag the image with a registry name

Tagging the Docker image with a repository name configures the docker push command to push the image to a specific location. For this quickstart, the host location is us-west1-docker.pkg.dev.

Run the following command to tag the image as quickstart-image:tag1:

docker tag us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0 \
us-west1-docker.pkg.dev/PROJECT/quickstart-docker-repo/quickstart-image:tag1

Where

• us-west1 is the repository location.
• us-west1.docker.pkg.dev is the hostname for the Docker repository you created.
• PROJECT is your Google Cloud project ID. If your project ID contains a colon (`:`), see Domain-scoped projects.
• quickstart-docker-repo is the ID of the repository you created.
• quickstart-image is the image name you want to use in the repository. The image name can be different than the local image name. For this quickstart you will store the image directly under the repository ID quickstart-docker-repo.
• tag1 is a tag you're adding to the Docker image. If you didn't specify a tag, Docker will apply the default tag latest.

You are now ready to push the image to the repository you created.

Push the image to Artifact Registry

After you have configured authentication and tagged the local image, you can push the image to the repository that you created.

To push the Docker image, run the following command:

docker push us-west1-docker.pkg.dev/PROJECT/quickstart-docker-repo/quickstart-image:tag1

Replace PROJECT with your Google Cloud project ID. If your project ID contains a colon (`:`), see Domain-scoped projects.

Pull the image from Artifact Registry

To pull the image from Artifact Registry onto your local machine, run the following command:

docker pull us-west1-docker.pkg.dev/PROJECT/quickstart-docker-repo/quickstart-image:tag1

Replace PROJECT with your Google Cloud project ID. If your project ID contains a colon (`:`), see Domain-scoped projects. You should see output similar to the following:

latest: Pulling from [PROJECT-ID]/quickstart-image:tag1
Digest: sha256:70c42...
Status: Image is up to date for us-west1-docker.pkg.dev/PROJECT/quickstart-docker-repo/quickstart-image:tag1