堆栈内存溢出
  简体   繁体   English

如何在不同项目中使用容器注册表中的图像?

[英]How to use an image from container registry in different project?

 原文  2015-08-26 23:19:31       google-kubernetes-engine/ google-container-registry

问题描述

I have two projects in Google Cloud.我在 Google Cloud 中有两个项目。 On the first project I have some images in the container registry and i'm using it in the gke.在第一个项目中,我在容器注册表中有一些图像,我在 gke 中使用它。

When I trie to create a container in the second project, it gives me a error:当我尝试在第二个项目中创建容器时,它给了我一个错误:

Error: Status 403 trying to pull repository project-1/image-x: "Access denied."错误:状态 403 试图提取存储库 project-1/image-x:“访问被拒绝。”

How can i use those images in the gke but in different project?我如何在 gke 但在不同的项目中使用这些图像? I don't want to create the same images in the second project.我不想在第二个项目中创建相同的图像。

2 个解决方案

解决方案1
 3  2015-08-26 23:47:21

You can modify who the images are visible to by using the access control settings available on the Google Cloud Storage bucket that they're stored in. 您可以使用存储在Google Cloud Storage存储桶中的访问控制设置来修改对谁可见的图像。

Reference: https://cloud.google.com/container-registry/docs/access-control 参考: https : //cloud.google.com/container-registry/docs/access-control

If you just want to make all your images readable to the entire world, then the command from this other StackOverflow answer should help: gsutil -m acl -r set public-read gs://bucket-name gsutil -m defacl set public-read gs://bucket-name 如果您只是想让所有图像对全世界都可读,那么来自另一个StackOverflow答案的命令应该会有所帮助: gsutil -m acl -r set public-read gs://bucket-name gsutil -m defacl set public-read gs://bucket-name

解决方案2
 1  2015-08-27 04:03:19

This is discussed in detail in my answer here: Access google container registry without the gcloud client 我在这里的答案中对此进行了详细讨论:在没有gcloud客户端的情况下访问Google容器注册表

If you cannot get things working, also feel free to reach out to us at gcr-contact@google.com, and we'd be happy to help. 如果您无法解决问题,请随时通过gcr-contact@google.com与我们联系,我们将竭诚为您服务。

解决方案3
 0  2017-08-07 17:51:58

In your second project (the GKE project), look at the IAM permissions and you will see a user similar to: 123456789-compute@developer.gserviceaccount.com . 在第二个项目(GKE项目)中,查看IAM权限,您将看到类似于以下用户: 123456789-compute@developer.gserviceaccount.com

Then in your first project (the container registry project), grant that user the Storage Object Viewer permission to allow GKE to pull images. 然后在第一个项目(容器注册表项目)中,向该用户授予“ Storage Object Viewer permission以允许GKE提取图像。

解决方案4
 -1  2022-09-02 00:38:10

I hope this article will helpful Using Images from Other Projects我希望这篇文章对使用来自其他项目的图像有所帮助

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从 Azure Container Registry 拉取镜像到 Azure Container Instances 时如何使用 SystemAssigned identity? - How can I use a SystemAssigned identity when pulling an image from Azure Container Registry into Azure Container Instances? 如何避免在部署 yaml 中输入映像版本并使用 azure 容器注册表中的最新映像 - How to avoid having to enter image version in deployment yaml and use most recent image from azure container registry 如何从 Google Container Registry 中彻底删除容器映像? - How can I cleanly remove a container image from the Google Container Registry? 容器优化 VM - 如何强制从注册表中拉取(而不是使用本地图像:标签)? - Container Optimized VM - How to force pulling from registry (and not using local image:tag)? GCP - 无法将 docker 图像从 Compute Engine 推送到 Container Registry - GCP - Not able to Push docker image from Compute Engine to Container Registry 如何自动从 Artifact Registry 中删除图像 - How to remove an image from Artifact Registry automatically 如何从 AWS ECR 容器注册表中删除未标记的图像 - How to delete untagged images from AWS ECR Container Registry 如何在 CLI 中按图像大小顺序列出 Google Container Registry 中已发布的容器图像 - How to list the published container images in the Google Container Registry in a CLI in image size order 尝试从 Google Container Registry 拉取图像时出现 401 Unauthorized 错误 - 401 Unauthorized error while trying to pull image from Google Container Registry Azure 批处理 NodePreparationError 试图从 Azure Container Registry 获取 Docker 图像 - Azure Batch NodePreparationError trying to fetch Docker image from Azure Container Registry
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM