The manual way:
https://medium.com/google-cloud/using-single-docker-repository-with-multiple-gke-projects-1672689f780c
For each GCP project that needs to pull the GCR images, grant its service account the storage.objectViewer role in the GCP project that hosts the GCR images.
The way through Terraform code:
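# Project-level binding: the role applies to every Cloud Storage bucket
# in the project that hosts the GCR images.
resource "google_project_iam_member" "my-project-storage-access" {
  project = "gcp-project-of-gcr-images"
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${google_service_account.my-cluster.email}"
}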
For each GCP project that needs to pull the GCR images, apply the above Terraform code so that its service account gets the storage.objectViewer role in the GCP project that hosts the GCR images.
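
A variant of the binding above that covers several consuming projects with one resource and scopes the grant to the registry's storage bucket instead of the whole hosting project. This is an added example, not code from the original page: the variable names and service account e-mails are constructed placeholders, and the bucket name assumes images pushed to the gcr.io host.

```hcl
# Added example. Variable names and sample values are placeholders,
# not taken from the original page.

variable "gcr_host_project" {
  description = "GCP project that hosts the GCR images"
  type        = string
  default     = "gcp-project-of-gcr-images"
}

variable "consumer_node_service_accounts" {
  description = "Service account e-mail per consuming project (constructed sample values)"
  type        = map(string)
  default = {
    "team-a-project" = "gke-nodes@team-a-project.iam.gserviceaccount.com"
    "team-b-project" = "gke-nodes@team-b-project.iam.gserviceaccount.com"
  }
}

# One additive, non-authoritative binding per consuming project.
# Scoping to the bucket keeps the other buckets in the hosting project
# unreadable to these service accounts.
resource "google_storage_bucket_iam_member" "gcr_pull" {
  for_each = var.consumer_node_service_accounts

  # Images pushed to gcr.io are stored in artifacts.<project>.appspot.com.
  # Regional hosts such as eu.gcr.io use <region>.artifacts.<project>.appspot.com.
  bucket = "artifacts.${var.gcr_host_project}.appspot.com"
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${each.value}"
}

# Lists what was granted, for review after apply.
output "gcr_pull_members" {
  value = { for project, binding in google_storage_bucket_iam_member.gcr_pull : project => binding.member }
}
```

The bucket is created on the first push to the registry host, so the binding can only be applied after at least one image has been pushed.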