推送到谷歌容器注册表失败:重试 [英] Push to google container registry fails: Retrying
问题描述
我正在尝试从我的 Jenkins 推送到 Google 容器注册表.构建在 Kubernetes Jenkins 插件中运行,该插件使用 gcr.io/cloud-solutions-images/jenkins-k8s-slave 将 docker 镜像构建到 Kubernetes 原生 Docker 中.
I'm trying to push to the Google container registry from my Jenkins. The builds run inside the Kubernetes Jenkins Plugin, which uses the gcr.io/cloud-solutions-images/jenkins-k8s-slave to build the docker image into the Kubernetes native Docker.
对 Google 容器注册表进行身份验证后,我正在尝试推送新建的映像.这是我的管道脚本:
After authenticating to the Google container registry I'm trying to push the newly built image. This is my pipeline script:
def imageTag = 'gcr.io/project-id/tag'
def version = version from pom
sh './mvnw package'
sh "docker build -t $imageTag:$version ."
sh('gcloud auth activate-service-account --key-file=$FILE')
sh('docker login -p $(gcloud auth print-access-token) -u _token https://gcr.io')
sh("gcloud docker -- push $imageTag:$version")
推送失败,输出如下:
c6ff94654483: Preparing
209db64c273a: Preparing
762429e05518: Preparing
2be465c0fdf6: Preparing
5bef08742407: Preparing
c6ff94654483: Retrying in 5 seconds
5bef08742407: Retrying in 5 seconds
209db64c273a: Retrying in 5 seconds
2be465c0fdf6: Layer already exists
762429e05518: Layer already exists
c6ff94654483: Retrying in 4 seconds
5bef08742407: Retrying in 4 seconds
209db64c273a: Retrying in 4 seconds
c6ff94654483: Retrying in 3 seconds
5bef08742407: Retrying in 3 seconds
209db64c273a: Retrying in 3 seconds
c6ff94654483: Retrying in 2 seconds
5bef08742407: Retrying in 2 seconds
209db64c273a: Retrying in 2 seconds
c6ff94654483: Retrying in 1 second
5bef08742407: Retrying in 1 second
209db64c273a: Retrying in 1 second
5bef08742407: Retrying in 10 seconds
...
unexpected EOF
推荐答案
这个问题的根本原因是你的 docker 守护进程没有使用推送到 gcr.io 所需的凭据进行身份验证.对于最初的问题,我认为这可能是因为使用的用户帐户是 _token 而不是 oauth2accesstoken.
The root cause of this issue is that your docker daemon is not authenticated with the credentials necessary to push to gcr.io. For the original question, I believe this is likely because the user account being used was _token instead of oauth2accesstoken.
我遇到了与此类似的错误,除了我没有使用 docker login,而是使用 docker-credential-gcr 并且得到了相同的 意外的 EOF 错误.
I was experiencing an error similar to this, except that instead of using docker login, I was using docker-credential-gcr and was getting the same unexpected EOF error.
我的问题是我在 GCE 上运行,docker-credential-gcr 通过 GCE 元数据 API 检测并使用不同的服务帐户.
My problem was the fact that I was running on GCE, from which docker-credential-gcr was detecting and using a different service account via the GCE metadata API.
因此,对于在 GCP 上运行并尝试通过 docker-credential-gcr 验证服务帐户的其他人遇到此问题,您需要告诉它只查看 gcloud 凭证,而不是查看元数据 API 详细信息的环境.我的流程现在看起来像这样:
So, for others experiencing this issue who are running on GCP and trying to authenticate a service account via docker-credential-gcr, you need to tell it to only look at the gcloud credentials, instead of looking at the environment for the metadata API details. My flow looks like this now:
gcloud auth activate-service-account --key-file=$FILE
docker-credential-gcr configure-docker --token-source="gcloud"
docker push gcr.io/....
希望对某人有所帮助.
这篇关于推送到谷歌容器注册表失败:重试的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
