6. - Scan with Container Analysis
- Enforce deployment policies with Binary Authorization
7. Implementing Binary Authorization using Cloud Build and GKE - https://cloud.google.com/architecture/binary-auth-with-cloud-build-and-gke
12. Artifact Registry
1. Manage container images with additional features
2. Regional and multi-regional repositories
3. Multiple repositories per Google Cloud project
4. Repository-native IAM with granular permissions
14. Helm chart
1. Create a repository in Artifact Registry
2. Create a chart
3. Authenticate with the repository
4. Push the chart to the repository
5. Deploy the chart
export HELM_EXPERIMENTAL_OCI=1
20. $ helm install gcf-worker oci://asia-east1-docker.pkg.dev/cloud-build-testbed/devfest-demo/gcf-worker --version 0.1.0
NAME: gcf-worker
LAST DEPLOYED: Mon Nov 15 23:29:11 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
21. Locations
North America
- Montréal / Toronto / Iowa / South Carolina / Northern Virginia / Oregon / Los Angeles / Salt Lake City / Las Vegas
South America
- São Paulo
Europe
- Warsaw / Finland / Belgium / London / Frankfurt / Netherlands / Zürich
Asia
- Taiwan / Hong Kong / Tokyo / Osaka / Seoul / Mumbai / Delhi / Singapore / Jakarta
Australia
- Sydney / Melbourne
All regions are at least 100 miles apart.
22. Repositories
project
Repository - APT
Repository - Docker
Repository - Python
Repository - Node
Repository - Maven
Repository - Yum
australia-southeast2 Melbourne
asia-east1 Taiwan
asia-northeast2 Osaka
asia
northamerica-northeast2 Toronto
us-west2 Los Angeles
us
europe-west3 Frankfurt
europe-north1 Finland
europe
23. Access Control
Primitive IAM Role
- Project Owner
  - roles/artifactregistry.repoAdmin
  - roles/artifactregistry.admin
- Project Editor
  - roles/artifactregistry.writer
- Project Viewer
  - roles/artifactregistry.reader
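An added example, not part of the original slides: a small audit that applies the mapping on the Access Control slide to a project IAM policy and lists members who get write or admin access to every repository through a primitive role, next to the role they hold on one repository. The policies use the standard IAM `bindings` layout; the member names and the role ordering are assumptions made for the example.

```python
AR = "roles/artifactregistry."
# Mapping from the Access Control slide: primitive project role -> Artifact Registry role(s).
PRIMITIVE_TO_AR = {
    "roles/owner": [AR + "repoAdmin", AR + "admin"],
    "roles/editor": [AR + "writer"],
    "roles/viewer": [AR + "reader"],
}
# Assumed ordering, used only to compare how much access a role grants.
RANK = {AR + n: i for i, n in enumerate(["reader", "writer", "repoAdmin", "admin"])}

def top_role(roles):
    """Highest-ranked Artifact Registry role in a set, or None if the set is empty."""
    return max(roles, key=RANK.__getitem__) if roles else None

def ar_roles_by_member(policy, expand_primitive):
    """Return {member: set of Artifact Registry roles} from an IAM policy dict."""
    granted = {}
    for binding in policy.get("bindings", []):
        role = binding["role"]
        scoped = [role] if role in RANK else []
        roles = PRIMITIVE_TO_AR.get(role, []) if expand_primitive else scoped
        for member in binding.get("members", []):
            if roles:
                granted.setdefault(member, set()).update(roles)
    return granted

def audit(project_policy, repo_policy):
    """List (member, role inherited project-wide, role held on the repository)."""
    inherited = ar_roles_by_member(project_policy, expand_primitive=True)
    scoped = ar_roles_by_member(repo_policy, expand_primitive=False)
    findings = []
    for member in sorted(inherited):
        broad = top_role(inherited[member])
        if RANK[broad] >= RANK[AR + "writer"]:  # reader-only members are not flagged
            findings.append((member, broad, top_role(scoped.get(member, set()))))
    return findings

# Constructed sample policies; every member name is a placeholder.
CI = "serviceAccount:ci@example-project.iam.gserviceaccount.com"
PROJECT_POLICY = {"bindings": [
    {"role": "roles/editor", "members": [CI, "user:dev@example.com"]},
    {"role": "roles/viewer", "members": ["group:auditors@example.com"]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]}
REPO_POLICY = {"bindings": [
    {"role": AR + "writer", "members": [CI]},
    {"role": AR + "reader", "members": ["user:dev@example.com"]},
]}

if __name__ == "__main__":
    for member, broad, scoped in audit(PROJECT_POLICY, REPO_POLICY):
        print(f"{member}: project-wide {broad}, on this repository {scoped}")
```

A member whose repository-level role already covers what it needs (the CI account here) is a candidate for losing the primitive project role.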
27. Pricing
Docker repositories
- Storage
- Network egress
- Vulnerability scanning, if the Container Scanning API is enabled
Package repositories
- Storage
- Network egress
28. Artifact Registry is the recommended service for managing container images. Container Registry is still supported but will only receive critical security fixes.