Can I use cloud run with self-hosted/private docker image registry? - google-cloud-platform

When I deployed with my self-hosted(private) Docker image registry, got this error:
This service will require authentication to be invoked.
Deploying container to Cloud Run service [serverless-functions-go] in project [PROJECT_ID] region [us-central1]
X Deploying new service...
. Creating Revision...
. Routing traffic...
Deployment failed
ERROR: (gcloud.beta.run.deploy) Invalid image provided in the revision template. Expected [region.]gcr.io/repo-path[:tag or #digest], obtained dtr.artifacts.xxx.com/xxxxx/xxxx/serverless-functions-go:latest
Before pulling the image from my private docker image registry, I need to use the command like:
docker login [options]
How can I solve this issue?

Can I use cloud run with private docker container registry?
No, not at this time. See "Images you can deploy" in the Cloud Run documentation.

Related

GCP Cloud code plugin in intellij "Failed to enable GCP auth addon"

While trying to locally run the "java cloud run hello word sample" Cloud Run: Run Locally
I keep getting
Enabling GCP auth addon...
Failed to enable GCP auth addon. Deployment will continue but GCP
credentials will not be added to minikube. Please ensure you have up
to date application default credentials (ADC) by running gcloud auth login --update-adc
Things that I have tried and didn't solve the problem
run gcloud auth login --update-adc
use a different service account
not provide a service account
provide the environment variable GOOGLE_APPLICATION_CREDENTIALS
Current configuration
What am I missing?
It appears to be a bug with minikube
The workaround:
Install minikube https://minikube.sigs.k8s.io/docs/start/
In your terminal, run minikube delete --all
Delete the existing minikube images from Docker
The original workaround and issue details can be found below:
https://github.com/GoogleCloudPlatform/cloud-code-intellij/issues/2949#issuecomment-870120602

How can I expose the AWS_WEB_IDENTITY_TOKEN_FILE to docker container that runs on GitLab runner with Kubernetes executor

I am running java application that tries access to AWS s3 bucket on a docker container with AWS Java SDK in order to load credentials from WebIdentityTokenCredentialsProvider.
I am running that docker on Gitlab runner with Kubernetes executor.
I created a job that runs a docker container.
myJod:
image: docker:19.03.12
script:
- all relevant installations ...
- docker-compose build
- docker-compose up
On the runner itself, I can run aws commands and get s3 buckets. Also, I have access to $AWS_WEB_IDENTITY_TOKEN_FILE from the runner.
But when I run a docker container on the runner, the docker can't access $AWS_WEB_IDENTITY_TOKEN_FILE.
I got following error:
com.amazonaws.auth.AWSCredentialsProviderChain - Unable to load credentials from WebIdentityTokenCredentialsProvider: Unable to locate specified web identity token file.
How can I solve it?

Deploy app created with docker-compose to AWS

Final goal: To deploy a ready-made cryptocurrency exchange on AWS.
I have setup a readymade server by 0xProject by running the following command on my local machine:
npx #0x/launch-kit-wizard && docker-compose up
This command creates a docker-compose.yml file which has multiple container definitions and starts the exchange on http://localhost:3001/
I need to deploy this to AWS for which I'm following this Youtube tutorial
I have created a registry user with appropriate permissions
An EC2 instance is created
ECR repository is created
AWS CLI is configured
As per AWS instructions, I'm retrieving an authentication token and authenticating Docker client to registry:
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin <docker-id-given-by-AWS>.dkr.ecr.us-east-2.amazonaws.com
I'm trying to build the docker image:
docker build -t testdockerregistry .
Now, since in this case, we have docker-compose.yml instead of Dockerfile - when I try to build the image - it throws the following error:
unable to prepare context: unable to evaluate symlinks in Dockerfile path: CreateFile C:\Users\hp\Desktop\xxx\Dockerfile: The system cannot find the file specified.
I tried building image from docker-compose itself as per this guide, which fails with the following message:
postgres uses an image, skipping
frontend uses an image, skipping
mesh uses an image, skipping
backend uses an image, skipping
nginx uses an image, skipping
Can anyone please help me with this?
You can use the aws ecs cli-compose command from the ECS CLI.
By using this command it will translate the docker-compose file you create into a ECS Task Definition.
If you're interested in finding out more about the CLI take a read of the AWS documentation here.
Another approach, instead of using the AWS ECS CLI directly, is to use the new docker/compose-cli
This CLI tool makes it easy to run Docker containers and Docker Compose applications in the cloud using either Amazon Elastic Container Service (ECS) or Microsoft Azure Container Instances (ACI) using the Docker commands you already know.
See "Docker Announces Open Source Compose for AWS ECS & Microsoft ACI " from Aditya Kulkarni.
It references "Docker Open Sources Compose for Amazon ECS and Microsoft ACI" from Chris Crone, Engineer #docker:
While implementing these integrations, we wanted to make sure that existing CLI commands were not impacted.
We also wanted an architecture that would make it easy to add new backends and provide SDKs in popular languages. We achieved this with the following architecture:

Google Cloud Run deployment not working using `gcloud` SDK CLI

I have a service created on Google Cloud run that I am able to deploy manually through the Google Cloud Console UI using an image on Container registry. But deployment from CLI is failing. Here is the command I am using and the error I get. I am not able to understand what I am missing:
$ gcloud beta run deploy service-name --platform managed --region region-name --image image-url
Deploying container to Cloud Run service [service-name] in project [project-name] region [region-name]
X Deploying...
. Creating Revision...
. Routing traffic...
Deployment failed
ERROR: (gcloud.beta.run.deploy) INVALID_ARGUMENT: The request has errors
- '#type': type.googleapis.com/google.rpc.BadRequest
fieldViolations:
- description: spec.revisionTemplate.spec.container.ports should be empty
field: spec.revisionTemplate.spec.container.ports
Update 1:
I have updated the SDK using gcloud components update, but I still have the same issue
Here's my SDK Version
$gcloud version
Google Cloud SDK 270.0.0
beta 2019.05.17
bq 2.0.49
core 2019.11.04
gsutil 4.46
I am using a multistage docker build. Here's my Dockerfile:
FROM custom-dev-image
COPY . /project_dir
WORKDIR /project_dir
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
/usr/local/bin/go build -a \
-ldflags '-w -extldflags "-static"' \
-o /root/go/bin/executable ./cmds/project/main.go
FROM alpine:3.10
ENV GIN_MODE=release APP_NAME=project_name
COPY --from=0 /root/go/bin/executable /usr/local/bin/
CMD executable
I had this same problem and I assume it was because I had older Cloud Run deployment that was created before I had ran gcloud components update since some update.
I was able to fix it by deleting the whole Cloud Run service (through the GUI) and deploying it from scratch again (via terminal). I noticed that the ports: definition disappeared from the YAML once I did this.
After this I could do deployments normally.
This was a bug in Cloud Run. It has been fixed and deploying with CLI is working for me now. Here's the link to the issue I had raised with Google Cloud which has a response from them https://issuetracker.google.com/issues/144069696.

Can I use docker image registry from google cloud build?

With Google Cloud Build, I am creating a trigger to build using a Dockerfile, the end result of which is a docker image.
I'd like to tag and push this to the standard Docker image repository (docker.io), but i get the following error:
The push refers to repository [docker.io/xxx/yyy]
Pushing xxx/yyy:master
denied: requested access to the resource is denied
I assume that this is because within the context of the build workspace, there has been no login to the Docker registry.
Is there a way to do this, or do I have to use the Google Image Repository?
You can configure Google Cloud Build to push to a different repository with a cloudbuild.yaml in addition to the Dockerfile. You can log in to Docker by passing your password as an encrypted secret env variable. An example of using a secret env variable can be found here: https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-secrets-credentials#example_build_request_using_an_encrypted_variable