[英]How to use an image from container registry in different project?
I have two projects in Google Cloud.我在 Google Cloud 中有两个项目。 On the first project I have some images in the container registry and i'm using it in the gke.
在第一个项目中,我在容器注册表中有一些图像,我在 gke 中使用它。
When I trie to create a container in the second project, it gives me a error:当我尝试在第二个项目中创建容器时,它给了我一个错误:
Error: Status 403 trying to pull repository project-1/image-x: "Access denied."
错误:状态 403 试图提取存储库 project-1/image-x:“访问被拒绝。”
How can i use those images in the gke but in different project?我如何在 gke 但在不同的项目中使用这些图像? I don't want to create the same images in the second project.
我不想在第二个项目中创建相同的图像。
You can modify who the images are visible to by using the access control settings available on the Google Cloud Storage bucket that they're stored in. 您可以使用存储在Google Cloud Storage存储桶中的访问控制设置来修改对谁可见的图像。
Reference: https://cloud.google.com/container-registry/docs/access-control 参考: https : //cloud.google.com/container-registry/docs/access-control
If you just want to make all your images readable to the entire world, then the command from this other StackOverflow answer should help: gsutil -m acl -r set public-read gs://bucket-name gsutil -m defacl set public-read gs://bucket-name
如果您只是想让所有图像对全世界都可读,那么来自另一个StackOverflow答案的命令应该会有所帮助:
gsutil -m acl -r set public-read gs://bucket-name gsutil -m defacl set public-read gs://bucket-name
This is discussed in detail in my answer here: Access google container registry without the gcloud client 我在这里的答案中对此进行了详细讨论:在没有gcloud客户端的情况下访问Google容器注册表
If you cannot get things working, also feel free to reach out to us at gcr-contact@google.com, and we'd be happy to help. 如果您无法解决问题,请随时通过gcr-contact@google.com与我们联系,我们将竭诚为您服务。
In your second project (the GKE project), look at the IAM permissions and you will see a user similar to: 123456789-compute@developer.gserviceaccount.com
. 在第二个项目(GKE项目)中,查看IAM权限,您将看到类似于以下用户:
123456789-compute@developer.gserviceaccount.com
。
Then in your first project (the container registry project), grant that user the Storage Object Viewer permission
to allow GKE to pull images. 然后在第一个项目(容器注册表项目)中,向该用户授予“
Storage Object Viewer permission
以允许GKE提取图像。
I hope this article will helpful Using Images from Other Projects我希望这篇文章对使用来自其他项目的图像有所帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.