Private Registries are restricted to organization projects
Private Docker registries are available only to projects that are owned by an organization or team. Personal projects don’t have access to private repositories.
Create a service account in GCP
- Create a new service account under your Google Cloud project that contains the registry
- Add
Service Account Token Creator
role so it can create temporary tokens for itself - Add
Artifact Registry Reader
role so it can download Docker images from your private repository - Download the service account JSON to use in Valohai
Add credentials to Valohai
- Navigate to Hi, (the top right menu) >
Manage <organization>
- Go to Registries under the organization controls
- Add a new entry
- Insert the match pattern in the format of
<domain>/<owner-and-or-repository>/*
e.g.<region>-docker.pkg.dev/<project-id>/*
or<region>-docker.pkg.dev/<project-id>/my-repository:*
- Choose your registry type and provide the access credentials generated in the first step
- Use the full name of the tagged image (e.g.
<region>-docker.pkg.dev/<project-id>/my-repository/myimage:0.1
) when defining the image in yourvalohai.yaml
.