I am new to using GCR.
My use case is that I want to grant push-only access to a specific bucket of my project on the Google Container Registry (GCR).
I figured that I'll have to create a service account if I want to grant this access to multiple users and also create a specific role for the same.
I did manage to create a service account, let's say test-service-account, and also created a role for the same, let's say test-role.
I provided the following permissions to the role:
- storage.bucket.create
- storage.bucket.get
I also applied this role to the test-service-account. But still, when I log in to the Docker registry locally using
cat keyfile.json | docker login -u _json_key --password-stdin https://gcr.io
and try to push the image, I get denied: Access denied.
What am I missing?
Also, the current method will give the test-service-account access to all the buckets. Is there a way to provide access to a singular bucket?