Using Private Containers on GCP Container Optimized OS

Publication Date | June 17, 2019
Last Updated | June 23, 2020

By default, GCP Container Optimized (COS) VMs can't pull images on your Private Container Registry even if you've passed the right IAM and API credentials.

You'll get the below error message.

Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in:

This baffled me. I had a working private container image specified during VM creation (

"Illustration of GCP Config Parameters"

Turns out you need to add this single line to the startup-script. This gives docker the ability to pull from your private registry. Not sure why this was hidden in Google's Docs.

docker-credential-gcr configure-docker
Contact: Please feel free to email me at [email protected] or tweet @shekkery.
Friendly Request: Writing quality articles is hard. Getting traffic is even harder. Thank you for sharing!

Like Software Engineering, Machine Learning or Meta-Learning? Get new posts before they're released. No spam ever, promise.