推送码头容器时，Google容器注册表访问被拒绝 [英] Google Container Registry access denied when pushing docker container

问题描述

我尝试将docker容器推送到google容器注册表，使用本教程，但是当我运行

I try to push my docker container to the google container registry, using this tutorial, but when I run

gcloud docker push b.gcr.io/my-bucket/image-name

我收到错误：

The push refers to a repository [b.gcr.io/my-bucket/my-image] (len: 1)
Sending image list
Error: Status 403 trying to push repository my-bucket/my-image: "Access denied."

我找不到任何解释（不，-D，--debug，--verbose参数被认可）， gcloud auth list 和 docker info 告诉我我已连接到这两个服务。

I couldn't find any more explanation (no -D, --debug, --verbose arguments were recognized), gcloud auth list and docker info tell me I'm connected to both services.

我缺少什么？

推荐答案

使用 gsutil 以检查ACL以确保您有权写入存储桶：

Use gsutil to check the ACL to make sure you have permission to write to the bucket:

$ gsutil acl get gs://<my-bucket>

您需要检查您使用的帐户是哪个组（所有者编辑者，观众等）

You'll need to check which group the account you are using is in ('owners', 'editors', 'viewers' etc.)

编辑：我最近经历了一个非常类似的问题，而@lampis提到在他的帖子中，这是因为当我创建虚拟机时我没有设置正确的权限范围，因为我正在尝试推送图像。不幸的是，一旦创建了虚拟机，目前还没有办法更改范围，因此您必须删除虚拟机（确保将磁盘设置为自动删除！）并使用正确的范围重新创建虚拟机（'compute-rw' ，'storage-rw'似乎是足够的）。这不需要很长时间; - ）。

EDIT: I have experienced a very similar problem to this myself recently and, as @lampis mentions in his post, it's because the correct permission scopes were not set when I created the VM I was trying to push the image from. Unfortunately there's currently no way of changing the scopes once a VM has been created, so you have to delete the VM (making sure the disks are set to auto-delete!) and recreate the VM with the correct scopes ('compute-rw', 'storage-rw' seems sufficient). It doesn't take long though ;-).

请参阅 - scopes 部分： https://cloud.google.com/sdk/gcloud/reference/compute/instances/创建

这篇关于推送码头容器时，Google容器注册表访问被拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！