Setup Jenkins with Google Container Registry

Setup Jenkins with Google Container Registry

We have complete slave node setup on Jenkins, now will setup next one of the important prerequisites to setup complete CI. To part of setup complete CI in our any infrastructure, building/pushing docker image is playing viral role. Always we cannot push out image to docker hub, may be for privacy or other concerns. In this serious of posts, will see about how setup other commonly used registry in Jenkins. This help us to automate the Pushing and pulling image from docker registry(private).

Required Plugins

To access GCR from Jenkins, we need to install the following plugins.

  • docker-build-step: This plugin allows to add various Docker commands as a build step. Latest version 2.0.
  • Google OAuth Credentials: Provide Google credentials. Latest version 0.6.
  • Google Container Registry Auth: This plugin retrieves Google credentials from Google OAuth Credentials plugin and provides authentication for docker-build-step plugin. Latest version 0.3.

The workflow is a little bit tricky but still understandable:

  1. Create a service account which has full access to GCR in Google Cloud.
  2. In jenkins, create a credential for this service account with Google OAuth Credentials plugin.
  3. Create a pull/push build step with docker-build-step plugin and set the registry URL to GCR.
  4. Google Container Registry Auth plugin will provide the credential created in Step 2 to docker when the build step is executed.

Step 1: Create a service account

  1. Create Container Registry

If you don’t have existing container registry, please follow this step or skip it. If you don’t have “Container Registry” already, just login to google cloud account and left side scroll and find the “Container Registry”. Just click that and it will ask you to enable container registry API, just enable it. Now all good, your registry is enabled, and you can push/pull the images. Let’s assume the registry URL is, in which sapient-helix-197208 is the project name in Google Cloud.

  1. Create Service account

Once you done, now go back to home page and find “IAM & admin” and click that from your left panel. In IAM page find “service accounts” on left side. In that We are going to create a service account so that Jenkins can access GCR. Click “+ CREATE SERVICE ACCOUNT” button and enter your account name.

create service account

Enter any name for your identification, and click continue

gcr roleIt will ask to pick the role to add, as its optional (even we don’t need any), you can skip but clicking continue.

gcr create key

json keyNow you can give existing user to access/permission by adding the user, if you don’t have/don’t want just to leave blank and in down click “create key”, it will ask to pick the format, pick “JSON” format. It will download the keyfile to access the service account. Keep it safe, we need for coming steps.

Switch to “Storage” from sidebar. And if you have existing storage bucket you can use the same or create new storage bucket to store the docker images/artefacts. To create new storage, click on “create bucket”, and fill the required details and pick suitable “storage class”. Once you done, you can click on storage bucket name and click “permissions” tab.

In that click “Add members”. Enter the service account ID we just created and choose “Storage Admin” in “Roles”. Click Add.

add gcr storage memberSetup Jenkins Credentials

Go back to your Jenkins server, and make sure login with an admin account. Choose “Credentials” from the sidebar, then choose “System” à “Global credentials” (you can choose other domains as well) and click “Add Credentials”.

Select “Google Service Account from private key” for the “Kind” field and enter your project name (sapient-helix-197208 in this example). Then upload the JSON private key we just downloaded in previous step.

jenkins gcr authSetup Docker

If your docker already works with Jenkins, you can skip this step. Or please refer

In docker on slave section. And make sure docker is installed and running.

Setup Jenkins Job to Push Image

Now it is time to create the Jenkins job. Create a freestyle Jenkins job and fill other settings with your needs (such as git repository, parameters, etc.). In the build steps, you can add Docker commands to build and push / pull docker images.

For push / pull command, Fill the parameters like this:

  • Name of the image to push/pull: image name, e.g. dockerapp
  • Tag: image tag, Jenkins variables can be used, e.g. build-$BUILD_NUMBER
  • Registry: the registry name on GCR without https, e.g.
  • Docker registry URL: GCR URL, use
  • Registry credentials: Choose the credentials we created in “Setup Jenkins Credentials” section

That’s all of it! Now you can try to build this Jenkins job and it will automatically push the image to GCR.