Artifact Registry
Introduction
KAI CHU CHUNG
Cloud GDE, GDG Cloud Taipei co-organizer
Taipei
Agenda
1. Quick review Container Registry
2. Artifact Registry
Quick review
Container Registry
Container Registry
1. Manage Container images
2. Vulnerability analysis
3. Access control
4. CI/CD integration
- Docker Image Manifest V2
- OCI image formats
HOSTNAME/PROJECT-ID/IMAGE:TAG
(gcr.io / asia.gcr.io / eu.gcr.io / us.gcr.io)
- Scan with Container Analysis
- Enforce deployment policies with Binary Authorization
Implementing Binary Authorization using Cloud Build and GKE - https://cloud.google.com/architecture/binary-auth-with-cloud-build-and-gke
Access Control
- Public/Private
- Primitive
- roles/storage.objectViewer
- roles/storage.legacyBucketWriter
- roles/storage.admin
CI/CD Integration
(Diagram: Cloud Build, Container Registry, Kubernetes Engine)
CI/CD Integration
(Diagram: Cloud Build, Container Registry, Kubernetes Engine, Helm + GCS plugin)
Artifact Registry
Artifact Registry
1. Manage Container images with additional features
2. Regional and multi-regional repositories
3. Multiple repositories per Google Cloud project
4. Repository-native IAM with granular permissions
Artifacts
- Container images
- Helm chart
- Java, Node.js, and Python packages
- Debian and RPM Linux packages
Helm chart
1. Create a repository in Artifact Registry
2. Create a chart
3. Authenticate with the repository
4. Push the chart to the repository
5. Deploy the chart
export HELM_EXPERIMENTAL_OCI=1
$ gcloud beta artifacts repositories create (REPOSITORY : --location=LOCATION)
    --repository-format=REPOSITORY_FORMAT [--allow-snapshot-overwrites] [--async]
    [--description=DESCRIPTION] [--kms-key=KMS_KEY] [--labels=[KEY=VALUE,…]]
    [--version-policy=VERSION_POLICY; default="NONE"] [GCLOUD_WIDE_FLAG …]
$ gcloud beta artifacts repositories create gcf-worker \
    --repository-format=docker \
    --location=asia-east1 \
    --description="devfest21 aritfact registry demo"
$ helm package gcf-worker
$ gcloud auth print-access-token | helm registry login -u oauth2accesstoken \
    --password-stdin https://asia-east1-docker.pkg.dev
$ helm push gcf-worker-0.1.0.tgz \
    oci://asia-east1-docker.pkg.dev/cloud-build-testbed/devfest-demo
$ gcloud artifacts docker images list [IMAGE_PATH] [--include-tags]
    [--occurrence-filter=OCCURRENCE_FILTER; default='kind="BUILD" OR kind="IMAGE" OR kind="DISCOVERY"']
    [--show-occurrences] [--show-occurrences-from=SHOW_OCCURRENCES_FROM; default=10]
    [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE]
    [--sort-by=[FIELD,…]] [GCLOUD_WIDE_FLAG …]
$ gcloud artifacts docker images list asia-east1-docker.pkg.dev/cloud-build-testbed/devfest-demo
Listing items under project cloud-build-testbed, location asia-east1, repository devfest-demo.

IMAGE: asia-east1-docker.pkg.dev/cloud-build-testbed/devfest-demo/gcf-worker
DIGEST: sha256:a47cc170ff19a83cade7438f60ee373df4193b252e0bad5fd09f22c69701ea50
CREATE_TIME: 2021-11-15T23:16:10
UPDATE_TIME: 2021-11-15T23:16:10
$ helm install gcf-worker \
    oci://asia-east1-docker.pkg.dev/cloud-build-testbed/devfest-demo/gcf-worker --version 0.1.0
NAME: gcf-worker
LAST DEPLOYED: Mon Nov 15 23:29:11 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
Locations
North America
- Montréal / Toronto / Iowa / South Carolina / Northern Virginia / Oregon / Los Angeles / Salt Lake City / Las Vegas
South America
- São Paulo
Europe
- Warsaw / Finland / Belgium / London / Frankfurt / Netherlands / Zürich
Asia
- Taiwan / Hong Kong / Tokyo / Osaka / Seoul / Mumbai / Delhi / Singapore / Jakarta
Australia
- Sydney / Melbourne
All regions are at least 100 miles apart.
Repositories
(Diagram: a project containing repositories of different formats in different locations)
- Repository formats: APT, Docker, Python, Node, Maven, Yum
- Regional locations: australia-southeast2 (Melbourne), asia-east1 (Taiwan), asia-northeast2 (Osaka), northamerica-northeast2 (Toronto), us-west2 (Los Angeles), europe-west3 (Frankfurt), europe-north1 (Finland)
- Multi-regional locations: asia, us, europe
Access Control
Primitive IAM Role
- Project Owner
- roles/artifactregistry.repoAdmin
- roles/artifactregistry.admin
- Project Editor
- roles/artifactregistry.writer
- Project Viewer
- roles/artifactregistry.reader
Artifact Registry permissions
- roles/artifactregistry.reader
- roles/artifactregistry.writer
- roles/artifactregistry.repoAdmin
- roles/artifactregistry.admin
bindings:
- members:
  - user:user@gmail.com
  role: roles/owner
- members:
  - serviceAccount:repo-readonly@iam.gserviceaccount.com
  - user:user2@gmail.com
  role: roles/artifactregistry.reader
- members:
  - serviceAccount:repo-write@iam.gserviceaccount.com
  role: roles/artifactregistry.writer
- members:
  - serviceAccount:repo-admin@iam.gserviceaccount.com
  role: roles/artifactregistry.repoAdmin
- members:
  - serviceAccount:ar-admin@iam.gserviceaccount.com
  role: roles/artifactregistry.admin
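An added example (not from the slides) that resolves each member of a policy like the one above to its highest effective Artifact Registry role, using the basic-role mapping from the Access Control slide, and flags bindings worth reviewing. The finding codes, the `allUsers` and `user:dev@example.com` bindings, and the rule that people should not hold write roles directly are assumptions of this example.

```python
# Added example: rank each member's effective Artifact Registry access.

AR_RANK = {
    "roles/artifactregistry.reader": 1,
    "roles/artifactregistry.writer": 2,
    "roles/artifactregistry.repoAdmin": 3,
    "roles/artifactregistry.admin": 4,
}
# Basic project roles and the highest Artifact Registry role each one
# carries, following the mapping on the Access Control slide.
BASIC_IMPLIES = {
    "roles/viewer": "roles/artifactregistry.reader",
    "roles/editor": "roles/artifactregistry.writer",
    "roles/owner": "roles/artifactregistry.admin",
}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}


def effective_access(policy):
    """Map member -> (highest Artifact Registry role, role that granted it)."""
    best = {}
    for binding in policy.get("bindings", []):
        granted = binding["role"]
        ar_role = BASIC_IMPLIES.get(granted, granted)
        if ar_role not in AR_RANK:
            continue  # role unrelated to Artifact Registry
        for member in binding.get("members", []):
            held = best.get(member)
            if held is None or AR_RANK[ar_role] > AR_RANK[held[0]]:
                best[member] = (ar_role, granted)
    return best


def audit(policy):
    """Return (member, code, detail) findings, sorted by member."""
    findings = []
    for member, (ar_role, granted) in sorted(effective_access(policy).items()):
        if member in PUBLIC:
            findings.append((member, "PUBLIC", f"{ar_role} granted to a public principal"))
        elif granted in BASIC_IMPLIES:
            findings.append((member, "BASIC_ROLE", f"{granted} implies {ar_role}"))
        elif member.startswith("user:") and AR_RANK[ar_role] >= 2:
            # Assumption of this example: writes should come from service accounts.
            findings.append((member, "HUMAN_WRITE", f"person holds {ar_role}"))
    return findings


# Constructed sample: the slide's bindings plus two added for illustration.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:user@gmail.com"]},
    {"role": "roles/artifactregistry.reader", "members": [
        "serviceAccount:repo-readonly@iam.gserviceaccount.com",
        "user:user2@gmail.com"]},
    {"role": "roles/artifactregistry.writer", "members": [
        "serviceAccount:repo-write@iam.gserviceaccount.com",
        "user:dev@example.com"]},  # added, not on the slide
    {"role": "roles/artifactregistry.repoAdmin", "members": [
        "serviceAccount:repo-admin@iam.gserviceaccount.com"]},
    {"role": "roles/artifactregistry.admin", "members": [
        "serviceAccount:ar-admin@iam.gserviceaccount.com"]},
    {"role": "roles/artifactregistry.reader", "members": ["allUsers"]},  # added
]}

if __name__ == "__main__":
    for member, code, detail in audit(SAMPLE_POLICY):
        print(f"{code:12} {member:24} {detail}")
```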
Implementing Binary Authorization using Cloud Build and GKE - https://cloud.google.com/architecture/binary-auth-with-cloud-build-and-gke
CI/CD Integration
(Diagram: Cloud Build, Artifact Registry, Kubernetes Engine)
Flexible
Devfest 2021' - Artifact Registry Introduction (Taipei)
Pricing
Docker repositories
- Storage
- Network egress
- Vulnerability scanning, if the Container Scanning API is enabled
Package repositories
- Storage
- Network egress
Artifact Registry is the recommended service for managing container images. Container Registry is still supported but will only receive critical security fixes.
Q & A
