Skip to content
ConfigurationRegistriesGCR

GCR (Google Container Registry)

The gcr registry lets you configure GCR integration. GCR was shut down by Google in 2025 — consider using GAR instead.

logo

Effective March 18, 2025, Container Registry is shut down and writes are unavailable. Only gcr.io URLs hosted on migrated or Artifact Registry-backed gcr.io repositories remain usable. Drydock's GCR provider still works with those repositories because Google redirects configured gcr.io hosts to Artifact Registry; new projects should use the GAR provider instead.

The gcr registry lets you configure GCR integration.

Variables

Env varRequiredDescriptionSupported valuesDefault value when missing
DD_REGISTRY_GCR_{REGISTRY_NAME}_CLIENTEMAILService Account Client Email (required for private images access)See Artifact Registry Docker service account key authentication
DD_REGISTRY_GCR_{REGISTRY_NAME}_PRIVATEKEYService Account Private Key (required for private images access)See Artifact Registry Docker service account key authentication

Docker and Docker Compose action triggers use this same service-account configuration when they pull private GCR images during an update. No separate action-trigger auth setting is required.

Examples

Configure for authenticated access

services:
  drydock:
    image: codeswhat/drydock
    ...
    environment:
      - DD_REGISTRY_GCR_PRIVATE_CLIENTEMAIL=johndoe@mysuperproject.iam.gserviceaccount.com
      - DD_REGISTRY_GCR_PRIVATE_PRIVATEKEY=-----BEGIN PRIVATE KEY-----xxxxxxxxxxx\n-----END PRIVATE KEY-----\n 
docker run \
  -e DD_REGISTRY_GCR_PRIVATE_CLIENTEMAIL="johndoe@mysuperproject.iam.gserviceaccount.com" \
  -e DD_REGISTRY_GCR_PRIVATE_PRIVATEKEY="-----BEGIN PRIVATE KEY-----xxxxxxxxxxx\n-----END PRIVATE KEY-----\n" \
  ...
  codeswhat/drydock

How to create a Service Account on Google Cloud Platform

1. Go to the Service Account page

2. Create a new Service Account

3. Grant Artifact Registry Reader (roles/artifactregistry.reader) on the private repository

4. Save the Service Account

5. Create a new key for the newly created Service Account

6. Download the keyfile JSON file and store it securely

7. Open the JSON file, get the client_email and private_key values and configure drydock with them