I’d like to use private docker images stored in GCP Artifact Registry for some of my jobs. I’ve been looking through the documentation but I haven’t found a way to do authenticated docker pulls from there. My understanding is that there’s no way to generate a long-lived username/password, you can only have a long-lived service account key (which is then used to generate the username/password). This means that there’s nothing I can use for the jobs.docker.auth fields. Has anyone figured this out?
I know I can start a job with a public image and then authenticate and pull the private image, but I want the job to use the private image from the start.