[英]denied: requested access to the resource is denied when pushing image to gitlab registry
I'm trying to push an image to gitlab registry.我正在尝试将图像推送到 gitlab 注册表。
I've done it many times, so I wonder why I get this error.我已经做过很多次了,所以我想知道为什么会出现此错误。
I build the image with latest tag:我用最新的标签构建图像:
Successfully tagged registry.gitlab.com/mycompany/rgpd_api:latest
Then I login and I push:然后我登录并推送:
docker login registry.gitlab.com -u gitlab+deploy-token-91931
docker push registry.gitlab.com/mycompany/rgpd_api:latest
But I get:但我得到:
The push refers to repository [registry.gitlab.com/mycompany/rgpd_api]
be679cc302b9: Preparing
denied: requested access to the resource is denied
I gave gitlab+deploy-token-91931
token both read_repository
and read_registry
rights.我给了gitlab+deploy-token-91931
token read_repository
和read_registry
权限。
My repo is:我的回购是:
https://gitlab.com/mycompany/rgpd_api
I checked with docs page:https://docs.gitlab.com/ee/user/project/container_registry.html我查看了文档页面:https://docs.gitlab.com/ee/user/project/container_registry.html
But when I do it through Gitlab CI, with gitlab-ci-token
但是当我通过 Gitlab CI 和gitlab-ci-token
I can push it normally.我可以正常推动它。
I also tried to regenerate a new token, but still same issue.我也尝试重新生成一个新令牌,但仍然是同样的问题。
How can I fix it?我该如何解决?
I've stumbled upon this question as well and it turns out that我也偶然发现了这个问题,结果证明
denied: requested access to the resource is denied
error message.任何标记不同的图像都将被拒绝并denied: requested access to the resource is denied
错误消息。So, with the setup below:因此,使用以下设置:
mytest
名为mytest
的 GitLab 组hello-world
该组中的项目称为hello-world
registry.gitlab.com/mytest/hello-world
标记为registry.gitlab.com/mytest/hello-world
的 Docker 镜像cat "<deploy_token>" | docker login -u "<token_username>" --password-stdin registry.gitlab.com
Docker 守护程序授权通过cat "<deploy_token>" | docker login -u "<token_username>" --password-stdin registry.gitlab.com
cat "<deploy_token>" | docker login -u "<token_username>" --password-stdin registry.gitlab.com
You will get the following results:您将得到以下结果:
docker push registry.gitlab.com/mytest/hello-world
because such project exists within the group成功推送docker push registry.gitlab.com/mytest/hello-world
,因为该项目存在于组内denied: requested access to the resource is denied
if you try to push an image tagged with the name of the project that does not exist in the group like docker push registry.gitlab.com/mytest/no-project
denied: requested access to the resource is denied
如果您尝试推送标有项目名称但组中不存在的项目名称(如docker push registry.gitlab.com/mytest/no-project
),则请求的资源访问被拒绝So, again, image must be tagged to match an existing path within te group, like an existing project within the group or a subgroup.因此,必须再次标记图像以匹配组中的现有路径,例如组或子组中的现有项目。
My error was to use a deploy token to push a image to a registry.我的错误是使用部署令牌将图像推送到注册表。
A deploy token can be used to pull an image, but not push it.部署令牌可用于拉取镜像,但不能推送。
So, instead, you can generate a Personal Access Token.因此,您可以生成个人访问令牌。 You should add at least permissions:您应该至少添加权限:
read_registry, write_registry
Make sure you have proper configuration in settings.确保您在设置中有正确的配置。
Go to Settings of project, then "Visibility, project features, permissions" and check "Container registry : Every project can have its own space to store its Docker images" (for members only or for everyone, up to you).转到项目的设置,然后“可见性、项目功能、权限”并检查“容器注册表:每个项目都可以有自己的空间来存储其 Docker 映像”(仅限成员或所有人,由您决定)。 Otherwise, the push and pull will be denied.否则,推拉将被拒绝。
This happened to me and that's how I solved it.这发生在我身上,这就是我解决它的方法。
you can make docker logout your registry
and login again.您可以让docker logout your registry
并重新登录。 It's recreate your token.它正在重新创建您的令牌。 this work in my case.就我而言,这项工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.