堆栈内存溢出
  简体   繁体   English

服务帐户无法将 Docker 图像推送到 Google Artifact Registry

[英]Service Account Unable to Push Docker Image to Google Artifact Registry

 原文  2022-04-29 18:43:37       google-cloud-platform/ gcloud/ google-cloud-run/ service-accounts/ google-artifact-registry

问题描述

I am trying to push a Docker image to Google Artifact Registry (GAR) while impersonating a Service Account ( $SERV_ACCT_EMAIL ):我试图在模拟服务帐户 ( $SERV_ACCT_EMAIL ) 时将 Docker 图像push送到 Google Artifact Registry (GAR):

denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/$GCP_PROJECT_ID/locations/us-west1/repositories/$GAR_REPOSITORY" (or it may not exist)被拒绝:资源“projects/$GCP_PROJECT_ID/locations/us-west1/repositories/$GAR_REPOSITORY”上的权限“artifactregistry.repositories.downloadArtifacts”被拒绝(或者它可能不存在)

$SERV_ACCT_EMAIL has Artifact Registry Writer ( roles/artifactregistry.writer ) and Artifact Registry Reader ( roles/artifactregistry.reader ) roles; $SERV_ACCT_EMAIL具有 Artifact Registry Writer ( roles/artifactregistry.writer ) 和 Artifact Registry Reader ( roles/artifactregistry.reader ) 角色; the latter of which has the permission artifactregistry.repositories.downloadArtifacts .后者具有权限artifactregistry.repositories.downloadArtifacts Thus, if the resource is granted access to $SERV_ACCT_EMAIL , I believe I will indeed be able to push those artifacts.因此,如果资源被授予访问$SERV_ACCT_EMAIL的权限,我相信我确实能够push这些工件。

How do I push to GAR while impersonating $SERV_ACCT_EMAIL ?如何在模拟$SERV_ACCT_EMAILpush送到 GAR?

1 个解决方案

解决方案1
 2 已采纳  2022-04-29 22:07:35

You may need to configure-docker while impersonating your service account ( $SERVICE_ACCOUNT_EMAIL ):您可能需要在模拟您的服务帐户 ( $SERVICE_ACCOUNT_EMAIL ) 时configure-docker

  1. Check to make sure you are still impersonating $SERVICE_ACCOUNT_EMAIL :检查以确保您仍在冒充$SERVICE_ACCOUNT_EMAIL

     gcloud auth list #=> Credentialed Accounts ACTIVE ACCOUNT. . . * $SERVICE_ACCOUNT_EMAIL. . .

    if not:如果不:

     gcloud auth activate-service-account \ "$SERVICE_ACCOUNT_EMAIL" \ --key-file=$SERVICE_ACCOUNT_JSON_FILE_PATH #=> Activated service account credentials for: [$SERVICE_ACCOUNT_EMAIL]

  2. Run the configure-docker command against the auth group:针对auth组运行configure-docker命令:

     gcloud auth configure-docker us-west1-docker.pkg.dev #=>. . . Adding credentials for: us-west1-docker.pkg.dev. . .

  3. Finally, try push ing the Docker image again.最后,再次尝试push Docker 图像。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法使用 OCI 将 Helm Chart 推送到 Google Cloud Artifact Registry - Unable to push Helm Chart to Google Cloud Artifact Registry using OCI 无法将 docker 映像推送到 heroku 注册表 - Unable to push docker image to heroku registry Cloud Build 不会将我的 Docker 图像推送到带有 cloudbuild.yaml 图像字段的 Artifact Registry - Cloud Build does not push my Docker image to Artifact Registry with images field in cloudbuild.yaml 在 docker 图片上验证 Google Cloud 服务帐户 - Authenticate Google Cloud service account on docker image 无法从 Azure 注册表中的 docker 图像运行 Azure Web 服务 - Unable to run Azure Web Service from a docker image in an Azure Registry 是否可以跟踪 Google Artifact Registry 中 docker 的拉取次数? - Is it possible track the number of docker pulls in Google Artifact Registry? Google Cloud Artifact Registry Docker 具有虚拟大小的图像的存储定价 - Google Cloud Artifact Registry Docker Storage pricing for images with Virtual size 如何将 docker 图像从私有第三方注册表迁移到 Google 神器注册表? - How to migrate docker images from private third party registry to Google artifact registry? 谷歌云:Artifact Registry 与 Container Registry - Google Cloud: Artifact Registry vs Container Registry Docker 图像无法在 Google Container Registry 上构建 - Docker image fails to build on Google Container Registry
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM