Skip to main content

Container Registry

Container registry is a service of Nine Managed GKE that allows you to securely store your container images on Google infrastructure.

Details

Customers using Nine Managed GKE will need to store their container images somewhere. Nine provides the integrated service Artifact Registry for this, giving you piece of mind that your images and deployment pipelines are end to end secured.

note

Google has deprecated the Google Container Registry (GCR) and provides Artifact Registry as a replacement service. To make the migration as simple as possible, we have configured the existing service accounts (gcr-readonly and gcr-readwrite) to also have access to the new Artifact Registry. So depending on how you push images to your current GCR registry, the only thing you need to do is to change the URL wherever you push images and also adjust the deployments to pull the images from the new registry. Additionally, you can access the registry with your personal ninegcp.ch accounts if you are logged in to gcloud locally.

To use the new registry with docker, you can use the command gcloud auth configure-docker europe-west6-docker.pkg.dev to authenticate with the new registry. After that you can simply push/pull images with the docker command. Access to the registry from your GKE cluster is automatically granted without any further configuration. Once you have uploaded an image to the new registry, you can simply update the image URL in your deployments and the image pull should work out of the box.

If you want to copy some or all existing images from GCR to the Artifact Registry, you can make use of the Google provided gcrane tool. Follow the steps in the GCP documentation on how to set it up and how to copy images over: https://cloud.google.com/artifact-registry/docs/docker/copy-images#gcrane-local

The shutdown is scheduled as follows:

  • After March 18, 2025, writing images to Container Registry is unavailable.
  • After April 22, 2025, reading images from Container Registry is unavailable. Existing images images in Container Registry are inaccessible.
  • After May 22, 2025 all requests to gcr.io endpoints are served by Artifact Registry. Any existing images in Container Registry that haven't been copied to Artifact Registry won't be available in Artifact Registry. The Artifact Registry API must be enabled to serve gcr.io endpoint requests.

Availability

Container registry is available as standard with Nine Managed GKE. We can enable some optional features:

Please just contact us to configure these optional features.

Usage

You can find the address and credentials to access your container registry on runway.

To deploy an image simply use its name and tag in your deployment configurations europe-west6-docker.pkg.dev/{GCP_PROJECT_ID}/gke/{image_name}:{your_image_tag}, your cluster will be configured to have access to this by default.