GCP Cloud Run Cannot Pull Image from Artifact Registry in Other Project

Question

I&#160;have&#160;a&#160;parent&#160;project&#160;with&#160;a&#160;docker-configured&#160;artifact&#160;registry.A&#160;cloud-based&#160;service&#160;that&#160;runs&#160;as&#160;part&#160;of&#160;a&#160;child&#160;project&#160;has&#160;to&#160;get&#160;its&#160;image&#160;from&#160;the&#160;parent.A&#160;service&#160;account&#160;attached&#160;to&#160;the&#160;child&#160;project&#160;has&#160;IAM&#160;role&#160;roles/artifact registry. writer&#160;permission&#160;to&#160;access&#160;the&#160;repository.I&#160;receive&#160;the&#160;following&#160;problem&#160;when&#160;I&#160;attempt&#160;to&#160;launch&#160;my&#160;service:To&#160;read&#160;the&#160;image,&#160;Google&#160;Cloud&#160;Run&#160;Service&#160;Agent&#160;has&#160;to&#160;have&#160;permission.&#160;europe-west1-docker.pkg.dev/test-parent-project/docker-webank-private/node:custom-1.&#160;Verify&#160;that&#160;the&#160;container&#160;image&#160;URL&#160;provided&#160;is&#160;accurate&#160;and&#160;that&#160;the&#160;aforementioned&#160;account&#160;has the authorization&#160;to&#160;access&#160;the&#160;image.&#160;It&#160;can&#160;take&#160;a&#160;while&#160;for&#160;the&#160;rights&#160;to&#160;spread&#160;if&#160;you&#160;just&#160;enabled&#160;the&#160;Cloud&#160;Run&#160;API.cat $GOOGLE_APPLICATION_CREDENTIALS | docker login -u _json_key --password-stdin https://europe-west1-docker.pkg.dev
> Login succeeded
docker pull europe-west1-docker.pkg.dev/bfb-cicd-inno0/docker-webank-private/node:custom-1
> OK

Ashwini · Answer

In Cloud Run, there are two different sorts of service accounts:The service account for the Google Cloud Run APIThe service account for Runtime.You refer to the runtime service account, the identity that will be used by the service when it runs and calls Google Cloud API, in your description and screenshot.The service must first be deployed though, before it can run. This time, an internal Google Cloud Run process was launched to pull the container, produce a revision, and do all necessary internal tasks. A service account called "service agent" also exists to carry out that task.You may locate it in the IAM console at: The structure is as followsservice-@serverless-robot-prod.iam.gserviceaccount.comDon't forget to select Include in the checkbox in the top right corner.Give the appropriate access to the deployment service account and not the runtime service account if you want it to be able to pull images from another project.If you need to know more about&#160;Cloud Computing, We recommend joining&#160;Cloud Computing&#160;Certification&#160;today.

GCP Cloud Run Cannot Pull Image from Artifact Registry in Other Project

Your comment on this question:

1 answer to this question.

Your answer

Your comment on this answer:

Related Questions In GCP

Recreating a VM on a different GCP project: How can I transfer a disk snapshot across projects in Google Cloud Platform projects?

How to create a project in GCP Cloud?

How to create a project from GCP Cloud Shell?

How to enable new services to a project in GCP Cloud?

Web UI (Dashboard): https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

How do I go from development docker-compose.yml to deployed docker-compose.yml in AWS

How to store data in Hyperledger Fabric after restart?

Deploy Docker Containers from Docker Cloud

In GCP share a VPN gateway with other projects

In GCP, how to list all the resources running under project?

Subscribe to our Newsletter, and get personalized recommendations.

TRENDING CERTIFICATION COURSES

TRENDING MASTERS COURSES

COMPANY

WORK WITH US

DOWNLOAD APP

CATEGORIES

CATEGORIES

TRENDING BLOG ARTICLES

TRENDING BLOG ARTICLES