Getting Started
Usage
- Integrations
Google Artifact Registry
Deploy Docker images from your private Google Artifact Registry repository with Miru
Instead of using public Docker Hub images like we did with mongo:4.2.0 image in Prepare your Application, you can use private images located in your Google Artifact Registry repository.
To do so, we need to create a service account in your Google Cloud project, add it to miru, and grant it read-only access to your chosen Artifact Registry repositories. Follow the steps below to connect miru with your Google Artifact Registry.
Connect to Google Artifact Registry
Navigate to the service accounts page in your Google Cloud Console. Select the Google Cloud project that you want to connect miru to. We’re using container-integration.
miru. Click the Create Service Account button to create a new service account for this Google Cloud Project.
Fill in the service account name and description before clicking Create and Continue. You can follow the naming convention we’ve used or choose your own.
Search for the Service Account Token Creator role and add it to the service account. This will allow miru to create temporary tokens with the same permissions as the service account itself, allowing temporary (1 hour long) tokens to be distributed to your devices for authenticating to Google Artifact Registry.
Click Continue to update the service account policies.
Finally, click Done to create the service account.
For now this service account has no permissions to access any of your Google Cloud resources. We’ll later grant it access to your chosen Artifact Registry repositories in Grant Access to Artifact Registry Repositories.
Click into the service account you just created.
Navigate to the Keys tab to view the service account’s keys.
Create a new key by clicking the Add Key dropdown and selecting Create new key.
Select JSON as the key type and click Create.
The keys will automatically download to your computer. We’ll quickly upload them to miru and then remove them as soon as we’re done with them.
Before adding the service account to miru, please ensure that the IAM Service Account Credentials API is enabled for your Google Cloud project. To do so, navigate to the IAM Service Account Credentials API page in Google Cloud Console and click the Enable button.
Navigate to the Google Artifact Registry Page in miru. Click the Add Service Account button to add the service account we just created.
Click Select File and upload the JSON key file downloaded from Google Cloud. Then click Connect.
You should now see the service account we just created in the list of service accounts for on the Google Artifacts Integration page.
miru. This key file can grant access to your Google Cloud project resources and should not be shared with anyone else. miru is connected to your Google Cloud Project via the service account you just created. However, the service account does not yet have access to your Artifact Registry.
To grant a service account access to repositories in your Artifact Registry, navigate to the Artifact Registry Page in Google Cloud Console and select the same Google Cloud project as the service account you connected to miru with. For us that’s container-integration.
Select the repository you want to grant your service account access to. We’ve selected the django repository. Then click the Add Principal button.
Open a new tab in the Service Accounts Page, find the service account you connected to miru with, and copy the email address listed.
Navigate back to the Artifact Registry Page and paste the service account email address into the New Principals field. Then add the Artifact Registry Reader role to the service account and click Save.
You should now see your service account listed with the Artifact Registry Reader role for the repository you selected. To grant miru access to more repositories, simply repeat the process for each repository.
To revoke miru access to a repository, click the Delete button next to the role.
Congratulations! You’ve successfully connected miru with your Google Artifact Registry. miru will have read-only access to selected repositories in your Artifact Registry. If you want to add repositories from a different Google Cloud project, please create a separate service account for that project, add it to miru, and grant access to the chosen repositories.
To use an image from your Google Artifact repository, simple specify the image reference in your docker-compose.yml file that is tracked by miru.
<compose-service>:
image: <region>-docker.pkg.dev/<google-cloud-project>/<repository>/<image>:<tag>
For instance, adding an image from our django repository looks like this:
<compose-service>:
image: us-central1-docker.pkg.dev/container-integration/django/backend:latest