Untitled

$ kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

$ gcloud auth print-access-token

apiVersion: v1
  kind: Secret
  metadata:
    name: mykey
  data:
    .dockercfg: <paste base64 encoded string here>
  type: kubernetes.io/dockercfg

apiVersion: v1
kind: Pod
metadata:
  name: foo
  namespace: awesomeapps
spec:
  containers:
    - image: "janedoe/awesomeapp:v1"
      name: foo
  imagePullSecrets:
    - name: mykey

kubectl create secret docker-registry mydockercfg
  --docker-server "https://eu.gcr.io"
  --docker-username _json_key
  --docker-email not@val.id
  --docker-password=$(cat your_service_account.json)

eu.artifacts.{project-id}.appspot.com

$ docker login -e 1234@5678.com -u _json_key -p "$JSON_KEY" https://gcr.io

export GCR_KEY_JSON=$(cat ~/secret.json | tr -d 'n')
mv ~/.docker/config.json ~/.docker/config-orig.json
cat >~/.docker/config.json <<EOL
{
  "auths": {
    "gcr.io": {}
  }
}
EOL
docker login -e not@val.id -u _json_key -p "$GCR_KEY_JSON" https://gcr.io
export DOCKER_CONFIG_JSON_NO_NEWLINES=$(cat ~/.docker/config.json | tr -d 'n')
mv ~/.docker/config-orig.json ~/.docker/config.json
cat >secrets.yaml <<EOL
apiVersion: v1
kind: Secret
metadata:
  name: gcr-key
data:
  .dockerconfigjson: $(echo -n ${DOCKER_CONFIG_JSON_NO_NEWLINES} | base64 | tr -d 'n')
type: kubernetes.io/dockerconfigjson

EOL
kubectl create -f secrets.yaml

spec:
  imagePullSecrets:
    - name: gcr-key
  containers:
  - image: ...

gsutil iam ch serviceAccount:[EMAIL-ADDRESS]:objectViewer gs://[BUCKET_NAME]

artifacts.[PROJECT-ID].appspot.com for images pushed to gcr.io/[PROJECT-ID], or
[REGION].artifacts.[PROJECT-ID].appspot.com, where [REGION] is:
us for registry us.gcr.io
eu for registry eu.gcr.io
asia for registry asia.gcr.io

The email address of the service account called: **Compute Engine default service account** in the GCP project where the Kubernetes cluster run