10.3.2 Google Artifact Registry
A focused guide to Google Artifact Registry, connecting core concepts with practical Docker and container operations.
Google Artifact Registry is Google Cloud's managed registry service for container images (and other artifact types), providing tight integration with Google Cloud's identity and access management, networking, and compute services, analogous to how ECR integrates with AWS.
Creating a Repository in Artifact Registry
A repository is created within a specific Google Cloud project and region before images can be pushed to it.
gcloud artifacts repositories create myapp-repo --repository-format=docker --location=us-central1
Authenticating With Artifact Registry
Authentication integrates with Google Cloud's own credential system, configuring Docker to use those credentials for the specific registry.
gcloud auth configure-docker us-central1-docker.pkg.dev
This configures Docker to authenticate against this specific Artifact Registry location using the currently active Google Cloud credentials.
Pushing an Image to Artifact Registry
Once authenticated, pushing follows the standard pattern, using Artifact Registry's specific repository path format.
docker tag myapp:1.0 us-central1-docker.pkg.dev/my-project/myapp-repo/myapp:1.0
docker push us-central1-docker.pkg.dev/my-project/myapp-repo/myapp:1.0
Why This Integrates Naturally With Other Google Cloud Services
A service deployed on Google Kubernetes Engine (GKE) or Cloud Run, running with an appropriate Google Cloud service account, can pull from Artifact Registry without needing a separately managed registry credential.
gcloud run deploy myapp --image us-central1-docker.pkg.dev/my-project/myapp-repo/myapp:1.0
This deployment pulls the specified image using permissions already granted through Google Cloud's own identity and access management.
Why Google Artifact Registry Matters
For workloads deployed on Google Cloud, Artifact Registry provides the same kind of tightly integrated, identity-aware registry experience ECR provides for AWS, simplifying authentication and access management for teams already operating within that specific cloud ecosystem.