While trying to push a docker image on Google Cloud Registry using Google cloud cli, i am getting an error :
denied: Token exchange failed for project . Access denied.
I have followed the below steps :
google-cloud-sdk/bin/gcloud auth activate-service-account --key-file <path_to_json_file>
docker login -u _json_key --password-stdin https://asia.gcr.io < path_to_json_file
Built and tagged a docker image.
Tried pushing an image to GCR using following command :
docker push "asia.gcr.io/$GCLOUD_PROJECT_ID/$IMAGE_NAME:latest"
I am getting result as follows:
The push refers to repository [asia.gcr.io/<my_project_id>/<my_image_name>]
1bd77e11e1bf: Preparing
b57c79f4a9f3: Preparing
d60e01b37e74: Preparing
e45cfbc98a50: Preparing
762d8e1a6054: Preparing
denied: Token exchange failed for project <my_project_id>. Access denied.
Note : 1. My GCR API is already enabled.
Docker version I am using is 'Docker version 18.09.2, build 6247962'
I am using windows machine where Google cloud CLI is installed. So all the operations are being performed from Widows only.
Same thing I have tried on Gitlab image 'Docker:latest' in my Gitlab pipeline. Error is same at both places (My local Windows machine and Gitlab Pipeline)
You don't need step #3 because you're authenticating Docker (not gcloud) to use the service account's credentials.
It works for me on a Linux (Cloud Shell) instance; I assume GitLab uses Linux. I've not tried from a Windows machine.
I recommend you check that you're referring to the correct service account, key, project etc. As is mentioned in the comments, the service account needs >= roles/storage.admin
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.