As far as I could understand from the documentation there is no way to set multiple Google Container Registries (GCR) in Codefresh. The only method provided by the current docs is to create a service account that is granted permission for GCR operations in all projects.
The solution currently suggested in the documentation violates the Principle of Least Privilege and cannot be considered for our enterprise architecture design. We need isolation among pipelines and we cannot allow a pipeline to access an image built by another team for another project.
I would like to request whether it is planned to provide support for multiple Google Container Registries. If this was not the case we will be forced to drop the “official” Docker step altogether and customize how Docker authenticates, pulls, and pushes from/to a remote registry.
Is there any ETA for when this feature will be released?
We are currently working around the registry configuration by setting different projects in different regions, but this is limited to 4 projects and won’t be a sustainable option when we start to deploy to production.
I just wanted to let you know that this feature is now in private beta. You can open a support ticket with us if you want it enabled for your Codefresh account.
Or you can simply wait, so that it becomes available to all accounts, once it reaches production status
