Skip to content

Instantly share code, notes, and snippets.

@JT501

JT501/docker-compose-gcr-gar.md

Last active September 19, 2024 23:22
Show Gist options
  • Save JT501/0e0fc676d67c9be6abab4ff9784f8c6f to your computer and use it in GitHub Desktop.
Save JT501/0e0fc676d67c9be6abab4ff9784f8c6f to your computer and use it in GitHub Desktop.
Download ZIP
Run docker-compose on Container Optimized OS (GCE) with access to GCR & GAR
Raw
docker-compose-gcr-gar.md

docker-compose on Container Optimized OS (GCE) with access to GCR & GAR

For Docker Compose V2.0, please read the comment below.

Docker Compose V1.0

Since GCE's Container-Optimized OS do not include docker-compose by default. So, we need to use the official docker/compose image as a workaround. However, docker/compose cannot access GCR or GAR to pull private images. Therefore we have to create a custom docker-compose image which is authenticated to GCR / GAR.

1. Create a file (i.e docker-compose-gar or whatever name)

mkdir docker-compose-gar && cd docker-compose-gar

2. Create a Dockerfile as follow

FROM docker/compose:alpine-1.27.4

ENV VERSION=2.0.4
ENV OS=linux
ENV ARCH=amd64

# Install docker-credential-gcr
RUN wget -O - "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${VERSION}/docker-credential-gcr_${OS}_${ARCH}-${VERSION}.tar.gz" \
    | tar xz --to-stdout ./docker-credential-gcr > /usr/bin/docker-credential-gcr && chmod +x /usr/bin/docker-credential-gcr

RUN docker-credential-gcr version
RUN docker-credential-gcr configure-docker --include-artifact-registry
CMD docker-compose

3. Build docker-compose-gar image

docker build -t docker-compose-gar .

4. Add a docker-compose alias your shell configuration file, e.g. .bashrc

echo alias docker-compose="'"'docker run --rm \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v "$PWD:$PWD" \
    -w="$PWD" \
    docker-compose-gar'"'" >> ~/.bashrc

5. Run docker-compose

Now you can pull the private images from GCR / GAR

Try:

docker-compose pull

or

docker-compose up

Ref

@JT501
Copy link
Author

JT501 commented Aug 4, 2023
edited
Loading

Update: Docker Compose V2.0+

Since docker/compose image stopped updating since v2.0, therefore we need to install docker/compose-bin plugin instead.

Run this once only, and you can then run compose with docker compose (no dash):

DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
CLI_PLUGINS=/var/lib/docker/cli-plugins
mkdir -p $DOCKER_CONFIG
sudo mkdir -p $CLI_PLUGINS
sudo curl -SL https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-linux-x86_64 -o $CLI_PLUGINS/docker-compose
sudo chmod -R 755 /var/lib/docker
ln -s $CLI_PLUGINS $DOCKER_CONFIG/cli-plugins

Ref

GCE startup script

You have to run the script every time you restart the instance, thus it is better to add it to the startup script of your instance.

#! /bin/bash

sleep 15    # wait for VM to add a user before running the script
DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
CLI_PLUGINS=/var/lib/docker/cli-plugins
mkdir -p $DOCKER_CONFIG
sudo mkdir -p $CLI_PLUGINS
sudo curl -SL https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-linux-x86_64 -o $CLI_PLUGINS/docker-compose
sudo chmod -R 755 /var/lib/docker
ln -s $CLI_PLUGINS $DOCKER_CONFIG/cli-plugins
EOF

Using startup scripts

@JT501
Copy link
Author

JT501 commented Aug 5, 2023

Set up authentication for Docker

docker-credential-gcr configure-docker --registries=HOSTNAME-LIST

Where HOSTNAME-LIST is a comma-separated list of repository hostnames to add to the credential helper configuration.

for example,

docker-credential-gcr configure-docker --registries=us-central1-docker.pkg.dev,asia-northeast1-docker.pkg.dev

Ref

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment