How to Push Custom Docker Images from Linux VM to Google Artifact Registry: A Step-by-Step Guide

In the modern era of containerized applications, Docker has become a cornerstone technology for packaging and deploying software. Google Artifact Registry provides a robust solution for storing, managing, and securing Docker images and other artifacts in the cloud.

In this article, we'll explore the process of pushing a custom Docker image from a Linux virtual machine (VM) to Google Artifact Registry. By following these steps, you'll be able to seamlessly integrate your development workflow with Google Cloud Platform's Artifact Registry, ensuring efficient image management and deployment for your projects.

Prerequisites:

1) GCP Account

2)Linux server up and running

3) Docker installed on that server

4) Application code should be present in the server

5) Google Artifact registry already created on GCP

Step 1) Launch the Linux VM and SSH into it. Make sure to have proper firewall settings enabled.

Step 2) Make sure to have the application code inside the server and you are already present in the directory and the Dockerfile.

The contents of the Dockerfile is in the below snapshot.

Step 3) Build the Docker image from the Dockerfile

cmd> docker build -t <image-name> .

Output would look like this

To verify run the below command.

>docker images

By this you have successfully created the custom docker image from the Dockerfile.

Step 4) To Push the image from server to google artifact registry

I have already created the repository through the GCP console.

1. If the target repository does not exist, create a new repository.
2. You must have at least Artifact Registry Writer access to the repository.

Required roles

To get the permissions that you need to push and pull images, ask your administrator to grant you the following IAM roles on the repository:

• Pull images: Artifact Registry Reader (roles/artifactregistry.reader)
• Tag and push images: Artifact Registry Writer (roles/artifactregistry.writer)

For more information about granting roles, see Manage access.

You might also be able to get the required permissions through custom roles or other predefined roles.

Authenticating to a repository

You must authenticate to repositories whenever you use Docker or another third-party client with a Docker repository. This section provides a quick summary of what you'll need to authenticate successfully. For detailed instructions, see Setting up authentication for Docker.

Using a credential helper

For the gcloud CLI credential helper or standalone credential helper, the Artifact Registry hosts you use must be in your Docker configuration file.

Artifact Registry does not automatically add all registry hosts to the Docker configuration file. Docker response time is significantly slower when there is a large number of configured registries. To minimize the number of registries in the configuration file, you add the hosts that you need to the file.

To confirm which hosts are configured, run the following command to display the contents of the configuration file:

• Linux: cat ~/.docker/config.json

Pushing an image

Repository modes: standard

To push a image to a standard Docker repository, you tag it with the repository name and then push the image.

If your Artifact Registry Docker repository has tag immutability enabled, a tag must always reference the same image digest in the repository. You cannot use the tag on another version of the same image that you push to the repository. For more information about image digests, tags, and tag immutability, see Container image versions.

For large images, the following limits apply:

Upload time

If you authenticate to Artifact Registry using an access token, the token is only valid for 60 minutes. If you expect your upload time to exceed 60 minutes, use a different authentication method.

Image size

The maximum artifact size is 5 TB.

Artifact Registry does not support Docker chunked uploads. Some tools support uploading large images with either chunked uploads or a single monolithic upload. You must use monolithic uploads to push images to Artifact Registry.

Tagging the image

1. Make sure that you are authenticated to the repository.
2. Determine the name of the image. The format of a full image name is:

LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE        

>docker tag image-for-backend asia-south2-docker.pkg.dev/msp-finops/three-tier-be/my-image-be:latest

If the immutable image tags setting is enabled, tags must be unique for each image version, including the latest tag. You cannot push an image to the repository if the tag is already used by another version of the same image in the repository. To verify if the setting is enabled for the repository, run the command:

> gcloud artifacts repositories describe REPOSITORY --project=PROJECT-ID \

--location=LOCATION

Push the tagged image to Artifact Registry

Note: Artifact Registry does not support Docker chunked uploads. Some container image tools support uploading large container images with either chunked uploads or a single monolithic upload. You must use monolithic uploads when you push container images to Artifact Registry.

1. Make sure that you are authenticated to the repository.
2. Push the tagged image with the command:

cmd> docker push asia-south2-docker.pkg.dev/msp-finops/three-tier-be/my-image-be:latest

After pushing your image, you can:

• Go to the Google Cloud console to view the image.

In conclusion, pushing a Docker image created on a Google Cloud Platform (GCP) VM to Artifact Registry involves several key steps. First, ensure Docker is installed and authenticated with Artifact Registry using a service account. Then, tag your Docker image with the appropriate Artifact Registry URL and push it to the registry. By following the steps outlined in this guide and referring to the Google Cloud documentation provided, you can seamlessly integrate your Docker workflow with Artifact Registry, leveraging its powerful features for managing container images in your GCP projects.