泊坞窗推送时的权限问题 [英] Permission issues while docker push
问题描述
我正在尝试将我的docker映像推送到google容器映像注册表,但收到一条错误消息,提示我没有执行此操作所需的权限。
I'm trying to push my docker image to google container image registry but get an error which says I do not have the needed permission to perform this operation.
我已经尝试过gcloud auth configure-docker,但是它对我不起作用。
I have already tried gcloud auth configure-docker but it doesn't work for me.
我首先使用以下命令构建映像:
docker build -t gcr.io/trynew/hello-world-image:v1。
I first build the image using: docker build -t gcr.io/trynew/hello-world-image:v1 .
然后我要附加一个标记并推送:
docker push gcr.io/trynew/hello-world-image:v1
Then I'm trying to attach a tag and push it: docker push gcr.io/trynew/hello-world-image:v1
这是我的输出:
The push refers to repository [gcr.io/trynew/hello-world-image]
e62774cdb1c2: Preparing
0f6265b750f3: Preparing
f82351274ce3: Preparing
31a16430afc8: Preparing
67298499a3ed: Preparing
62d5f39c8fe4: Waiting
9f8566ee5135: Waiting
unauthorized: You don't have the needed permissions to perform this
operation, and you may have invalid credentials.
To authenticate your request, follow the steps in:
https://cloud.google.com/container-registry/docs/advanced-authentication
推荐答案
为了能够将图像推送到私有注册表,您需要做两件事: API访问范围,并使用注册表对虚拟机进行身份验证。
In order to be able to push images to the private registry you need two things: API Access Scopes and Authenticate your VM with the registry.
对于 API访问范围( https://cloud.google.com/container-registry/docs/using-with-google-cloud-platform ),我们可以在官方文档:
For the API Access Scopes (https://cloud.google.com/container-registry/docs/using-with-google-cloud-platform) we can read in the official documentation:
对于GKE:
默认情况下,新的Google Kubernetes Engine集群是使用存储桶的
只读权限创建的。要在创建Google Kubernetes Engine集群时设置读写
存储范围,请使用
--scopes选项。
By default, new Google Kubernetes Engine clusters are created with read-only permissions for Storage buckets. To set the read-write storage scope when creating a Google Kubernetes Engine cluster, use the --scopes option.
对于GCE:
默认情况下,Compute Engine VM具有只读访问范围为存储桶配置的
。要推送私有Docker映像,您的
实例必须具有配置为
的读写存储访问范围,如访问范围所述。
By default, a Compute Engine VM has the read-only access scope configured for storage buckets. To push private Docker images, your instance must have read-write storage access scope configured as described in Access scopes.
因此,首先请验证您的GKE集群或GCE实例是否实际设置了适当的范围。
So first, verify if your GKE cluster or GCE instance actually has the proper scopes set.
下一步是向注册表进行身份验证:
The next is to authenticate to the registry:
a)如果您使用的是基于Linux的映像,您需要使用 gcloud auth configure-docker ( https://cloud.google.com/container-registry/docs/advanced-authentication )。
a) If you are using a Linux based image, you need to use "gcloud auth configure-docker" (https://cloud.google.com/container-registry/docs/advanced-authentication).
b)对于容器优化的OS(COS),命令为 docker-credential-gcr configure-docker ( https://cloud.google.com/container- Optimized-os / docs / how-to / run-container-instance#accessing_private_google_container_registry )
b) For Container-Optimized OS (COS), the command is "docker-credential-gcr configure-docker" (https://cloud.google.com/container-optimized-os/docs/how-to/run-container-instance#accessing_private_google_container_registry)
这篇关于泊坞窗推送时的权限问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!