Google Container Registry

Introduction

Bunnyshell enables you to connect Google Container registries to your organization, making it easy for you to store your application images there and deploy them on Kubernetes clusters.

Before you proceed, make sure you have administrator privileges on your Google Container Registry.

Granting Bunnyshell Access to GCR

1. Install the gcloud CLI using the instructions available here.

2. Enable Google Container Registry API using the command below.

gcloud services enable containerregistry.googleapis.com

Creating the Service Account

3. Now you'll have to grant Bunnyshell access to GCR. Start by creating a service account using the command below:

gcloud iam service-accounts create [USER] 

Example

gcloud iam service-accounts create bunnyshell-access

In this case, bunnyshell-access is the GCR User ID we used.

4. Grant the Service Account access to your storage:

gcloud projects add-iam-policy-binding PROJECT_ID \ --member=serviceAccount:USER@PROJECT_ID.iam.gserviceaccount.com \ --role=roles/storage.admin 

Example

gcloud projects add-iam-policy-binding [bunnyshell-84194] \ --member=serviceAccount:bunnyshell-access@bunnyshell-84194.iam.gserviceaccount.com \ --role=roles/storage.admin

In this case, bunnyshell-84194 is our GCR Project ID.

Retrieving your Project ID

The Project ID can be fetched by clicking on the Project Name in the top bar.

Retrieving the Google Service Account

5. Retrieve the Google Service Account key using the command below:

gcloud iam service-accounts keys create gsa-key.json \ --iam-account=[USER@PROJECT_ID].iam.gserviceaccount.com

Example

gcloud iam service-accounts keys create gsa-key.json \ --iam-account=bunnyshell-access@bunnyshell-84194.iam.gserviceaccount.com

Connecting your GCR Registry

1. Access the Bunnyshell interface and click the Integrations button on the left side.

2. Click Registries on the left-side menu.

3. Click the Connect registry button and select Google Container Registry.

4. A new window will pop-up, where you will have to provide the following information:

• Registry name: Choose what name your cluster will have in Bunnyshell.

• Region: The location of the registry, location where the image is stored.

More details about GCR regions are available on the Google Cloud documentation site.

• GCR User ID: Copy and paste the Google Service Account ID in this field.

If you have a Google Service Account already created, the ID is the string before the @ in the email address.

Example:

In the address bunnyshell-access@bunnyshell-84194.iam.gserviceaccount.com, the string bunnyshell-access is the Google Service Account ID.

• GCR Project ID: Fetched by clicking on the Project Name in GCR interface. How to retrieve the Project ID.

• Google Service Account Key (JSON): Copy and paste the contents of gsa-key.json inside this field. How to retrieve the Google Service Account Key.