kubernetes, google-cloud-platform, digital-ocean, google-container-registry

DO Kubernetes Cluster + GCP Container Registry


I have a Kubernetes cluster in Digital Ocean, and I want to pull the images from a private repository in GCP.

I tried to create a secret that makes me able to pull the images, following this article: https://blog.container-solutions.com/using-google-container-registry-with-kubernetes

Basically, these are the steps

  1. In the GCP account, create a service account key, with a JSON credential
  2. Execute
    kubectl create secret docker-registry gcr-json-key \
      --docker-server=gcr.io \
      --docker-username=_json_key \
      --docker-password="$(cat ~/json-key-file.json)" \
      --docker-email=user@example.com
    
  3. In the deployment yaml reference the secret
    imagePullSecrets:
      - name: gcr-json-key
    

I don't understand why I am getting 403. I don't know if there are some restrictions on using the registry outside Google Cloud, or if I missed some configuration.

Failed to pull image "gcr.io/myapp/backendnodeapi:latest": rpc error: code = Unknown desc = failed to pull and unpack image "gcr.io/myapp/backendnodeapi:latest": failed to resolve reference "gcr.io/myapp/backendnodeapi:latest": unexpected status code [manifests latest]: 403 Forbidden


Solution

  • Verify that you have enabled the Container Registry API, installed the Cloud SDK, and that the service account you are using for authentication has permissions to access Container Registry.

    Docker requires privileged access to interact with registries. On Linux or Windows, add the user that you use to run Docker commands to the Docker security group. This documentation has details on prerequisites for container registry.

    Note: Ensure that the version of kubectl is the latest version.

    I tried replicating by following the document you provided and it worked on my end, so ensure that all the prerequisites are met.
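
An added example, not part of the original question or answer: an offline check of the pull secret created in step 2, run against the JSON that `kubectl get secret gcr-json-key -o json` returns. If it finds no problems, the `client_email` it returns is the service account whose Container Registry permissions need verifying. The function names and the sample key are constructed for illustration.

```python
import base64
import json

def make_secret(server, username, password):
    """Build a constructed Secret shaped like `kubectl get secret -o json` output."""
    cfg = {"auths": {server: {"username": username, "password": password}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"type": "kubernetes.io/dockerconfigjson", "data": {".dockerconfigjson": blob}}

def check_pull_secret(secret, image):
    """Return (problems, client_email) for a docker-registry pull secret."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return [f"unexpected secret type {secret.get('type')!r}"], None
    try:
        auths = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))["auths"]
    except (KeyError, TypeError, ValueError) as exc:
        return [f"cannot decode .dockerconfigjson: {exc!r}"], None
    registry = image.split("/", 1)[0]  # "gcr.io/myapp/x:latest" -> "gcr.io"
    entry = auths.get(registry) or auths.get("https://" + registry)
    if entry is None:
        return [f"no credentials for {registry}; secret covers {sorted(auths)}"], None
    problems = []
    if entry.get("username") != "_json_key":
        problems.append("username is not _json_key")
    try:
        key = json.loads(entry.get("password") or "")
    except ValueError:
        return problems + ["password is not valid JSON (empty or mangled key file?)"], None
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return problems + ["password is not a service account key"], None
    for field in ("project_id", "private_key", "client_email"):
        if not key.get(field):
            problems.append(f"key is missing {field}")
    return problems, key.get("client_email")

# Constructed sample key: placeholder values, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "myapp",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
    "client_email": "puller@myapp.iam.gserviceaccount.com"})

if __name__ == "__main__":
    image = "gcr.io/myapp/backendnodeapi:latest"
    for secret in (make_secret("gcr.io", "_json_key", SAMPLE_KEY),
                   make_secret("gcr.io", "_json_key", "")):  # e.g. key file path was wrong
        print(check_pull_secret(secret, image))
```

The second constructed secret models a `$(cat ...)` substitution that produced nothing because the key file path was wrong, which leaves the secret created but unusable.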