Allow multiple Google Container Registries (GCR)

As far as I could understand from the documentation there is no way to set multiple Google Container Registries (GCR) in Codefresh. The only method provided by the current docs is to create a service account that is granted permission for GCR operations in all projects.

The solution currently suggested in the documentation violates the Principle of Least Privilege and cannot be considered for our enterprise architecture design. We need isolation among pipelines and we cannot allow a pipeline to access an image built by another team for another project.

I would like to request whether it is planned to provide support for multiple Google Container Registries. If this was not the case we will be forced to drop the “official” Docker step altogether and customize how Docker authenticates, pulls, and pushes from/to a remote registry.

Hello there.

The requirement that you are brining up here is correct and valid.

Our development team is working as we speak on completing the ability to work with multiple instances of registry from the same provider.

This ability should be available for use in the short coming period.

We will update here once it is ready.

1 Like

Hello, thank you very much for the information!

Is there any ETA for when this feature will be released?
We are currently working around the registry configuration by setting different projects in different regions, but this is limited to 4 projects and won’t be a sustainable option when we start to deploy to production.

Hello again.
This feature should be delivered in the coming 2 weeks timeframe.

Of course we will keep you updated here once it is available.

1 Like