[英]Google Container Registry: Permission issue while trying to pull/push images with authenticated credentials
在Ubuntu-22中,已經通過snap store安裝了google-cloud ;
> whereis gcloud
gcloud: /snap/bin/gcloud
> snap list | grep google
google-cloud-sdk 432.0.0 346 latest/stable google-cloud-sdk** classic
Docker 也已通過snap安裝;
> snap list | grep docker
docker 20.10.24 2893 latest/stable canonical**
並且我已將我的帳戶驗證為私人 GCR,如下所示;
> gcloud auth login
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?...<long_url>
You are now logged in as [<my_email@address.com>].
Your current project is [<desired_project_name>]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
仔細檢查登錄過程;
> gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* <my_email@address.com>
To set the active account, run:
$ gcloud config set account `ACCOUNT`
但是,當我嘗試拉取或推送任何圖像時,我遇到了以下權限問題;
unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
我能夠訪問我嘗試從我的瀏覽器中的私有 GCR 中提取的圖像,這讓我認為這是在我的終端中執行docker pull時與 creds 相關的問題。
我在這里錯過了什么?
PS:這對我不起作用無法推送到 Google Container Registry - 權限問題
編輯:
正如評論中所問,我需要提到我在auth login之前又執行了一個步驟,即gcloud auth configure-docker ;
> gcloud auth configure-docker
Adding credentials for all GCR repositories.
WARNING: A long list of credential helpers may cause delays running 'docker build'. We recommend passing the registry name to configure only the registry you are using.
After update, the following will be written to your Docker config file located at
[/home/<user>/.docker/config.json]:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
...
}
}
Do you want to continue (Y/n)?
Docker configuration file updated.
刪除snap安裝並使用docker管理器apt安裝 docker 解決了我的問題。
我在兩個安裝之間觀察到的差異;
snap ,一旦gcloud auth login將我定向到瀏覽器,只需選擇 google 帳戶即可完成身份驗證(請參閱我的問題中的第三個代碼塊,沒有詢問authorization code )。apt ,在選擇所需的谷歌帳戶后,我被定向到另一個頁面,其中提供了需要在終端中輸入的authorization code ;> gcloud auth login
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?...<long_url>
Enter authorization code: <Code_from_browser> // This is the difference!!
You are now logged in as [<my_email@address.com>].
Your current project is [<desired_project_name>]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
謝謝@JohnHanley指出docker推薦apt安裝。
嘗試從 Google Container Registry 拉取圖像時出現 401 Unauthorized 錯誤
[英]401 Unauthorized error while trying to pull image from Google Container Registry
如何設置 Jib 容器以使用 docker 遠程注冊表進行身份驗證以拉取圖像?
[英]How to setup Jib container to authenticate with docker remote registry to pull images?
錯誤:7 PERMISSION_DENIED:您的應用程序已使用來自 Google Cloud SDK 的最終用戶憑據進行了身份驗證
[英]Error: 7 PERMISSION_DENIED: Your application has authenticated using end user credentials from the Google Cloud SDK
Google Container Registry:防止一組用戶推送保留標簽名稱
[英]Google Container Registry : Prevent a group of users to push reserved tag names
驗證 Google Compute Engine (GCE) 以從 Google Container Registry (GCR) 中提取圖像
[英]Authenticate Google Compute Engine (GCE) to Pull Image from Google Container Registry (GCR)
PERMISSION_DENIED:您的應用程序已使用來自 Google Dialogflow 中的 Google Cloud SDK 的最終用戶憑據進行了身份驗證
[英]PERMISSION_DENIED: Your application has authenticated using end user credentials from the Google Cloud SDK in Google Dialogflow
Google Cloud Container Registry/Artifact Registry 權限
[英]Google Cloud Container Registry/Artifact Registry Permissions
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.