[英]Unable to push docker image to GCP registry : denied: Token exchange failed for project <my_project_id> Access denied
While trying to push a docker image on Google Cloud Registry using Google cloud cli, i am getting an error : 在尝试使用Google Cloud cli在Google Cloud Registry上推送泊坞窗图片时,我收到错误消息:
denied: Token exchange failed for project . 否认:令牌交换失败的项目。 Access denied.
拒绝访问。
I have followed the below steps : 我按照以下步骤操作:
google-cloud-sdk/bin/gcloud auth activate-service-account --key-file <path_to_json_file>
docker login -u _json_key --password-stdin https://asia.gcr.io < path_to_json_file
Built and tagged a docker image. 构建并标记了泊坞窗图像。
Tried pushing an image to GCR using following command : 尝试使用以下命令将图像推送到GCR:
docker push "asia.gcr.io/$GCLOUD_PROJECT_ID/$IMAGE_NAME:latest"
I am getting result as follows: 我得到的结果如下:
The push refers to repository [asia.gcr.io/<my_project_id>/<my_image_name>]
1bd77e11e1bf: Preparing
b57c79f4a9f3: Preparing
d60e01b37e74: Preparing
e45cfbc98a50: Preparing
762d8e1a6054: Preparing
denied: Token exchange failed for project <my_project_id>. Access denied.
Note : 1. My GCR API is already enabled. 注意:1。我的GCR API已启用。
Docker version I am using is 'Docker version 18.09.2, build 6247962' 我正在使用的Docker版本是“Docker版本18.09.2,版本6247962”
I am using windows machine where Google cloud CLI is installed. 我正在使用安装了Google云CLI的Windows机器。 So all the operations are being performed from Widows only.
因此,所有操作仅从Widows执行。
Same thing I have tried on Gitlab image 'Docker:latest' in my Gitlab pipeline. 我在我的Gitlab管道中尝试过Gitlab图像'Docker:latest'。 Error is same at both places (My local Windows machine and Gitlab Pipeline)
两个地方的错误都是一样的(我的本地Windows机器和Gitlab管道)
You don't need step #3 because you're authenticating Docker (not gcloud) to use the service account's credentials. 您不需要步骤#3,因为您正在验证Docker(而不是gcloud)以使用服务帐户的凭据。
It works for me on a Linux (Cloud Shell) instance; 它适用于Linux(Cloud Shell)实例; I assume GitLab uses Linux.
我假设GitLab使用Linux。 I've not tried from a Windows machine.
我没试过Windows机器。
I recommend you check that you're referring to the correct service account, key, project etc. As is mentioned in the comments, the service account needs >= roles/storage.admin
我建议您检查您是否指的是正确的服务帐户,密钥,项目等。如评论中所述,服务帐户需要> =
roles/storage.admin
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.