THa*_*wke 9 docker google-cloud-platform google-container-registry
我正在尝试使用 Google Cloud SDK 将容器推送到 Windows 10 上的 Google Cloud 容器注册表或 Google Cloud Artifact 注册表。我从这两个服务中收到类似的权限错误,但我似乎无法弄清楚原因。对于容器注册表,在推送时我得到:
> docker push us.gcr.io/{PROJECT}/{PATH}/{CONTAINER}:{TAG}
unauthorized: You don't have the needed permissions to perform this operation,
and you may have invalid credentials. To authenticate your request, follow the
steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
对于工件注册表,在推送时我得到:
> docker push northamerica-northeast1-docker.pkg.dev/{PROJECT}/{REPOSITORY}/{CONTAINER}:{TAG}
denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource
"projects/opallabs/locations/northamerica-northeast1/repositories/domar" (or it may not exist)
我跑过gcloud init几次gcloud auth configure-docker。gcloud我可以毫无问题地从命令行创建和编辑 Google Cloud 资源。我是 Google Cloud 项目的所有者,但为了安全起见,我为自己分配了存储管理员、Artifact 注册表管理员、Artifact 注册表存储库管理员。但是,当我gcloud auth print-access-token使用端点运行和分析令牌时https://www.googleapis.com/oauth2/v1/tokeninfo,出现的唯一范围是:
{
...
"scope": "openid https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-
platform https://www.googleapis.com/auth/appengine.admin https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/accounts.reauth",
...
}
根据故障排除链接,缺少可能应该存在的https://www.googleapis.com/auth/devstorage.read_write范围,但我不确定为什么会缺少它们。我按照设置说明在我的最后一台 Windows 10 计算机上进行了此操作,但在我的新计算机上相同的设置似乎不起作用。https://www.googleapis.com/auth/devstorage.full_control
我的 docker 凭证帮助器条目:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud",
"northamerica-northeast1-docker.pkg.dev": "gcloud",
"us-central1-docker.pkg.dev": "gcloud"
}
}
> docker-credential-gcloud list
{
"https://asia.gcr.io": "_dcgcloud_token",
"https://eu.gcr.io": "_dcgcloud_token",
"https://gcr.io": "_dcgcloud_token",
"https://marketplace.gcr.io": "_dcgcloud_token",
"https://staging-k8s.gcr.io": "_dcgcloud_token",
"https://us.gcr.io": "_dcgcloud_token"
}
gcloud -v
Google Cloud SDK 311.0.0
beta 2020.09.18
bq 2.0.60
核心 2020.09.18
gsutil 4.53
docker -v
Docker 版本 19.03.13,内部版本 4484c46d9d
小智 25
尝试配置:
gcloud auth configure-docker northamerica-northeast1-docker.pkg.dev
感谢Muss Rahman提供的链接,我能够通过转到 Docker Desktop 中的“设置”->“命令行”并取消选中“启用云体验”开关来进行身份验证。docker 手册中似乎没有该设置,所以我不确定它如何影响身份验证,我所知道的是,对于 Docker 版本 19.03.13,在 Windows 上构建 4484c46d9d,如果您想使用 gcloud 进行身份验证,则需要禁用。
| 归档时间: |
|
| 查看次数: |
21667 次 |
| 最近记录: |