commit | d95e329ec299b02e3acbf5dcb389348acca2badf | [log] [tgz] |
---|---|---|
author | Jake Sanders <jsand@google.com> | Fri May 05 18:43:38 2017 |
committer | Jake Sanders <jsand@google.com> | Fri May 05 18:43:38 2017 |
tree | 14484933a704352e5e73eca294851450d6f84719 | |
parent | 6e98ae6296111a4c879fb1473b3a0d9ebdf7a944 [diff] |
1.3.5 -> 1.4.0 Change-Id: Ib428a13d99d0e2674aa9d25c62f077fe77342659 Signed-off-by: Jake Sanders <jsand@google.com>
docker-credential-gcr is Google Container Registry‘s Docker credential helper. It allows for Docker clients v1.11+ to easily make authenticated requests to GCR’s repositories (gcr.io, eu.gcr.io, etc.).
The helper implements the Docker Credential Store API, but enables more advanced authentication schemes for GCR's users. In particular, it respects Application Default Credentials and is capable of generating credentials automatically (without an explicit login operation) when running in App Engine or Compute Engine.
By default, the helper searches for GCR credentials in the following order:
gcloud config config-helper --format='value(credential.access_token)'
).docker-credential-gcr gcr-login
)However, the user may limit or re-order how the helper searches for GCR credentials using docker-credential-gcr config --token-source
. Numbers 1-4 above are designated by the “env” source, 5 by “gcloud” and 6 by “store”. Multiple sources are separated by commas, and the default is “env, gcloud, store”.
Examples:
To configure the credential helper to use only the gcloud SDK's access token:
docker-credential-gcr config --token-source="gcloud"
To try the private store, followed by the environment:
docker-credential-gcr config --token-source="store, env"
The helper implements the Docker Credential Store API and can be used to store credentials for other repositories. WARNING: Credentials are stored in plain text in a file under the user's home directory (e.g. $HOME/.config/gcloud/docker_credentials.json on non-windows systems).
The program in this repository is written with the Go programming language and built with make
. These instructions assume that Go 1.7+ and make
are installed on a *nix system.
Download the source and put it in your $GOPATH
with go get
.
go get github.com/GoogleCloudPlatform/docker-credential-gcr
Use make
to build the program. The executable will be output to the bin
directory inside the repository.
cd $GOPATH/src/github.com/GoogleCloudPlatform/docker-credential-gcr make
Put that binary in your $PATH
. e.g. if /usr/bin
is present on your path:
sudo mv ./bin/docker-credential-gcr /usr/bin/docker-credential-gcr
Configure the Docker CLI to use docker-credential-gcr as its credential store
docker-credential-gcr configure-docker
Log in to GCR (or don't! gcloud auth login
is sufficient, too)
docker-credential-gcr gcr-login
Use Docker!
docker pull gcr.io/project-id/neato-container
Log out from GCR
docker-credential-gcr gcr-logout
Add a credHelpers
entry in the Docker config file (usually ~/.docker/config.json
) for each GCR registry that you care about. The key should be the domain of the registry (without the “https://”) and the key chould be the suffix of the credential helper binary (everything after “docker-credential-”).
e.g. for `docker-credential-gcr`:
Set the credsStore
and auths
fields in your Docker config file (usually ~/.docker/config.json
). credsStore
should be the suffix of the compiled binary (everything after “docker-credential-”) and auths
should have an empty entry for each GCR endpoint that you care about (with the “https://”).
e.g. for `docker-credential-gcr`:
Apache 2.0. See LICENSE for more information.