Google Container Registry

Introduction

Bunnyshell supports connecting Google Container Registries to your organization, allowing you to use those registries to store your container images and deploy them on Kubernetes clusters.

🚧

Before you proceed, make sure you have administrator privileges on your Google Container Registry.

Grant Bunnyshell Access to GCR

1. Install the gcloud CLI using the instructions available here.

2. Enable Google Container Registry API using the command below.

gcloud services enable containerregistry.googleapis.com

Create the Service Account

3. Now you'll have to grant Bunnyshell access to GCR. Start by creating a service account using the command below:

gcloud iam service-accounts create {USER}

Example

gcloud iam service-accounts create bunnyshell-access

📘

In this case, bunnyshell-access is the GCR User ID we used.

4. Grant the Service Account access to your storage:

gcloud projects add-iam-policy-binding {PROJECT_ID} \
    --member=serviceAccount:{USER}@{PROJECT_ID}.iam.gserviceaccount.com \
    --role=roles/storage.admin

Example

gcloud projects add-iam-policy-binding bunnyshell-84194 \
    --member=serviceAccount:[email protected] \
    --role=roles/storage.admin

📘

Note

In this case, bunnyshell-84194 is our GCR Project ID.

Retrieve your Project ID

The Project ID can be fetched by clicking on the {Project Name} in the top bar.

Retrieve the Google Service Account

5. Retrieve the Google Service Account key using the command below:

gcloud iam service-accounts keys create gsa-key.json \
    --iam-account={USER}@{PROJECT_ID}.iam.gserviceaccount.com

Example

gcloud iam service-accounts keys create gsa-key.json \
    --iam-account=bunnyshell-access@bunnyshell-84194.iam.gserviceaccount.com

Connect your GCR Registry

1. Access the Bunnyshell interface and click the Integrations button on the left side.

2. Click Container Registries on the left-side menu.

3. Click the Connect container registry button and select Google Container Registry.

4. A new window will pop-up, where you will have to provide the following information:

• Registry name: Choose what name your cluster will have in Bunnyshell.
• Region: The location of the registry, location where the image is stored. More details about GCR regions are available on the Google Cloud documentation site.
• GCR User ID: Copy and paste the Google Service Account ID in this field.

📘

Note

If you have a Google Service Account already created, the ID is the string before the @ in the email address.

Example:
In the address [email protected], the string bunnyshell-access is the Google Service Account ID.

• GCR Project ID: Fetched by clicking on the Project Name in GCR interface.
  How to retrieve the Project ID.
• Google Service Account Key (JSON): Copy and paste the contents of gsa-key.json inside this field.
  How to retrieve the Google Service Account Key.