推送到Google容器注册表失败:重试 [英] Push to google container registry fails: Retrying
问题描述
我正在尝试从我的詹金斯推送到Google容器注册表.该构建在Kubernetes Jenkins插件中运行,该插件使用gcr.io/cloud-solutions-images/jenkins-k8s-slave将Docker映像构建到Kubernetes本机Docker中.
I'm trying to push to the Google container registry from my Jenkins. The builds run inside the Kubernetes Jenkins Plugin, which uses the gcr.io/cloud-solutions-images/jenkins-k8s-slave to build the docker image into the Kubernetes native Docker.
在对Google容器注册表进行身份验证之后,我试图推送新生成的映像.这是我的管道脚本:
After authenticating to the Google container registry I'm trying to push the newly built image. This is my pipeline script:
def imageTag = 'gcr.io/project-id/tag'
def version = version from pom
sh './mvnw package'
sh "docker build -t $imageTag:$version ."
sh('gcloud auth activate-service-account --key-file=$FILE')
sh('docker login -p $(gcloud auth print-access-token) -u _token https://gcr.io')
sh("gcloud docker -- push $imageTag:$version")
推送失败,显示以下输出:
The push fails with the following output:
c6ff94654483: Preparing
209db64c273a: Preparing
762429e05518: Preparing
2be465c0fdf6: Preparing
5bef08742407: Preparing
c6ff94654483: Retrying in 5 seconds
5bef08742407: Retrying in 5 seconds
209db64c273a: Retrying in 5 seconds
2be465c0fdf6: Layer already exists
762429e05518: Layer already exists
c6ff94654483: Retrying in 4 seconds
5bef08742407: Retrying in 4 seconds
209db64c273a: Retrying in 4 seconds
c6ff94654483: Retrying in 3 seconds
5bef08742407: Retrying in 3 seconds
209db64c273a: Retrying in 3 seconds
c6ff94654483: Retrying in 2 seconds
5bef08742407: Retrying in 2 seconds
209db64c273a: Retrying in 2 seconds
c6ff94654483: Retrying in 1 second
5bef08742407: Retrying in 1 second
209db64c273a: Retrying in 1 second
5bef08742407: Retrying in 10 seconds
...
unexpected EOF
推荐答案
此问题的根本原因是您的docker守护进程未使用推送到gcr.io所需的凭据进行身份验证.对于原始问题,我相信这可能是因为所使用的用户帐户是_token
而不是oauth2accesstoken
.
The root cause of this issue is that your docker daemon is not authenticated with the credentials necessary to push to gcr.io. For the original question, I believe this is likely because the user account being used was _token
instead of oauth2accesstoken
.
我遇到了与此类似的错误,除了我没有使用docker login
而是使用了docker-credential-gcr
并且遇到了相同的unexpected EOF
错误.
I was experiencing an error similar to this, except that instead of using docker login
, I was using docker-credential-gcr
and was getting the same unexpected EOF
error.
我的问题是我正在GCE上运行,docker-credential-gcr
正在通过GCE元数据API检测并使用其他服务帐户.
My problem was the fact that I was running on GCE, from which docker-credential-gcr
was detecting and using a different service account via the GCE metadata API.
因此,对于在GCP上运行并尝试通过docker-credential-gcr
验证服务帐户的其他遇到此问题的人,您需要告诉它仅查看gcloud
凭据,而不是查看环境.元数据API详细信息.我的流程现在看起来像这样:
So, for others experiencing this issue who are running on GCP and trying to authenticate a service account via docker-credential-gcr
, you need to tell it to only look at the gcloud
credentials, instead of looking at the environment for the metadata API details. My flow looks like this now:
gcloud auth activate-service-account --key-file=$FILE
docker-credential-gcr configure-docker --token-source="gcloud"
docker push gcr.io/....
希望它对某人有帮助.
这篇关于推送到Google容器注册表失败:重试的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!