Docker 图像推送到谷歌容器注册表不起作用

Question

When i push a image from a jenkins to gcr following error occurs: denied: Unable to write blob sha256

Even if i set the registry public it is not possible. The same error occurs

Answer 1

I've been facing the same issue, and eventually solved it by removing the problematic Docker image layer, using the Console UI: https://console.cloud.google.com/storage/browser/artifacts ..appspot.com/containers/images/

Error message looks like:

denied: Unable to write blob sha256:050eee1aec04cc914bf96e8f4dee7767510c2aca3816af6078ba6fbe3150920e

File name in the artifacts bucket will match exactly the blob name: sha256:050eee1aec04cc914bf96e8f4dee7767510c2aca3816af6078ba6fbe3150920e .

Delete it, and try again. Hope it helps!

Answer 2

My problem sounded likewise. First, I managed to temporary fix it with @michael-bouvy's solution above, by manual deleting the conflicting images.

What have I done to fix it permanently is adding permission in GC IAM to the appropriate custom role of the identity that performs pushing. Namely, in addition to existing ones:

storage.buckets.get
storage.objects.create
storage.objects.get
storage.objects.list

I appended two more:

storage.objects.delete
storage.objects.update

Basically, these permissions just looked like those that required for temporary manual operations.

Answer 3

Use the below command to push to Google container registry.

withCredentials([file(credentialsId: 'google_crd_file', variable: 'filekey')]) {
                        sh """
                        gcloud auth activate-service-account --key-file=${filekey}
                        gcloud auth configure-docker
                        docker login -u _json_key --password-stdin https://eu.gcr.io < $filekey
                        docker push eu.gcr.io/<PROJECT_ID>/<IMAGE_NAME>:<VERSION>
                      """

"google_crd_file" is the ID of the credential stored in the Jenkins.