https://pulumi.com logo
#google-cloud
Title
# google-cloud
s

some-continent-7311

12/13/2021, 12:24 PM
Hello everyone. I can’t seem to figure out how to specify a GCP service account in
imagePullSecrets
to be able to pull images from a private GCP Registry Container. I would appreciate if anyone could point out to a tutorial. Thank you!
q

quiet-wolf-18467

12/13/2021, 12:27 PM
If it’s a GKE cluster, then the default permissions do include the ability to pull from GCR
s

some-continent-7311

12/13/2021, 12:31 PM
hmm, for some reason when I made the registry private and did
pulumi up
on one of the microservices it resulted in the
ImagePullBackoff
state of the pod
… yep, it’s a GKE cluster
thanks for your reply rawkode
oh, just realized that GKE is pulling from a GCR in a different project @quiet-wolf-18467
g

green-school-95910

12/13/2021, 12:48 PM
You can set the service account used by the node pools (it defaults to the compute service account) Grant that service account permission to read and list files on the respective bucket on the other project
Are u using the google-native or the classic provider? I can send more specific links the docs
s

some-continent-7311

12/14/2021, 8:23 AM
Hi Luiz, I believe we are using the classic provider.
I followed your advice about service account permissions and it works!