No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

If it’s a GKE cluster, then the default permissions do include the ability to pull from GCR

hmm, for some reason when I made the registry private and did `pulumi up` on one of the microservices it resulted in the `ImagePullBackoff` state of the pod

oh, just realized that GKE is pulling from a GCR in a _different_ project <@UCU9C7W73>

You can set the service account used by the node pools (it defaults to the compute service account)
Grant that service account permission to read and list files on the respective bucket on the other project

Are u using the google-native or the classic provider? I can send more specific links the docs

Hi Luiz, I believe we are using the classic provider.

I followed your advice about service account permissions and it works!