Searching the Google Container Registry


I've been setting up my Kubernetes cluster and I have been using the Google Container Registry for storing images.

As a part of my setup I am building some tooling where I need to search the remote repository for images, including tags.

So my question is: How do I search Google Cloud Registry for images?

I've tried without luck to use the Docker CLI to do the search:

$ docker search eu.gcr.io/project-101
Error response from daemon: Unexpected status code 403

$ gcloud docker search eu.gcr.io/project-101
Error response from daemon: Unexpected status code 403

$ docker login -e [email protected] -u _token -p mytoken https://eu.gcr.io
WARNING: login credentials saved in /Users/drwho/.docker/config.json
Login Succeeded

$ docker search eu.gcr.io/project-101
Error response from daemon: Unexpected status code 403

$ docker search eu.gcr.io/not-known
Error response from daemon: Unexpected status code 404

As you see I've tried a good deal of different approaches. The last option could be using the Google Storage Bucket API and search the file system "manually".


Solution

  • Docker clients through 1.7.0 only support unauthenticated search. For example, if you search for:

    $ docker search gcr.io/google-containers/kube
    NAME                                        DESCRIPTION   STARS     OFFICIAL   AUTOMATED
    google-containers/hyperkube                               0                    
    google-containers/kube-apiserver                          0                    
    google-containers/kube-controller-manager                 0                    
    google-containers/kube-scheduler                          0                    
    google-containers/kube-ui                                 0                    
    google-containers/kube2sky                                0                    
    google-containers/kubectl                                 0         
    

    I submitted a PR into 1.8.0 that will authenticate searches, and work similarly for private repositories.

    Today the 403 (Forbidden) is because the Docker client isn't actually passing the authentication that is set up via gcloud docker or docker login.

    EDIT: As a workaround, it isn't too bad to just curl the endpoint:

    $ curl -u _token:TOKEN "https://gcr.io/v1/search?q=QUERY" | \
        python -mjson.tool
    

    You can generate TOKEN with gcloud auth print-access-token.

    We support queries of the form <project-id>[/image-substring], e.g. google-containers/ube would match google-containers/kube2sky.
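
The curl workaround from the answer, as an added Python example for tooling (not part of the original answer or of any Google code). It sends the same `_token:TOKEN` Basic credentials, but only to the registry hosts named on this page, and checks the `<project-id>[/image-substring]` query form. The function names, the allowed query characters and the response layout (`results` entries with a `name` field) are assumptions.

```python
import base64
import json
import re
import subprocess
import urllib.parse
import urllib.request

# Registry hosts that appear on this page; the token is sent nowhere else.
ALLOWED_HOSTS = {"gcr.io", "eu.gcr.io"}
# <project-id>[/image-substring]; the allowed characters are an assumption.
QUERY_RE = re.compile(r"[a-z0-9][a-z0-9._:-]*(/[a-z0-9._/-]*)?")


def build_search_request(host, query, token):
    """Build the authenticated GET for https://<host>/v1/search?q=<query>."""
    if host not in ALLOWED_HOSTS:
        raise ValueError("refusing to send the access token to %r" % host)
    if not QUERY_RE.fullmatch(query):
        raise ValueError("query must look like <project-id>[/image-substring]")
    url = "https://%s/v1/search?%s" % (host, urllib.parse.urlencode({"q": query}))
    # Same credentials as `curl -u _token:TOKEN`, but the token never appears
    # in a process argument list or in shell history.
    basic = base64.b64encode(("_token:" + token).encode()).decode()
    return urllib.request.Request(url, headers={"Authorization": "Basic " + basic})


def parse_results(body):
    """Return sorted image names from a search response (layout assumed)."""
    doc = json.loads(body)
    return sorted(entry["name"] for entry in doc.get("results", []))


def search(host, query):
    """Fetch a short-lived token from gcloud and run the search."""
    token = subprocess.check_output(
        ["gcloud", "auth", "print-access-token"], text=True).strip()
    req = build_search_request(host, query, token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_results(resp.read())


# Constructed sample response, not captured from a real registry.
SAMPLE = json.dumps({"num_results": 2, "query": "google-containers/kube", "results": [
    {"name": "google-containers/kube2sky", "description": ""},
    {"name": "google-containers/hyperkube", "description": ""}]})

if __name__ == "__main__":
    print(parse_results(SAMPLE))
```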