推送码头容器时,Google容器注册表访问被拒绝 [英] Google Container Registry access denied when pushing docker container
问题描述
我尝试将docker容器推送到google容器注册表,使用本教程,但是当我运行
I try to push my docker container to the google container registry, using this tutorial, but when I run
gcloud docker push b.gcr.io/my-bucket/image-name
我收到错误:
The push refers to a repository [b.gcr.io/my-bucket/my-image] (len: 1)
Sending image list
Error: Status 403 trying to push repository my-bucket/my-image: "Access denied."
我找不到任何解释(不,-D,--debug,--verbose参数被认可), gcloud auth list
和 docker info
告诉我我已连接到这两个服务。
I couldn't find any more explanation (no -D, --debug, --verbose arguments were recognized), gcloud auth list
and docker info
tell me I'm connected to both services.
我缺少什么?
推荐答案
使用 gsutil
以检查ACL以确保您有权写入存储桶:
Use gsutil
to check the ACL to make sure you have permission to write to the bucket:
$ gsutil acl get gs://<my-bucket>
您需要检查您使用的帐户是哪个组(所有者编辑者,观众等)
You'll need to check which group the account you are using is in ('owners', 'editors', 'viewers' etc.)
编辑:我最近经历了一个非常类似的问题,而@lampis提到在他的帖子中,这是因为当我创建虚拟机时我没有设置正确的权限范围,因为我正在尝试推送图像。不幸的是,一旦创建了虚拟机,目前还没有办法更改范围,因此您必须删除虚拟机(确保将磁盘设置为自动删除!)并使用正确的范围重新创建虚拟机('compute-rw' ,'storage-rw'似乎是足够的)。这不需要很长时间; - )。
EDIT: I have experienced a very similar problem to this myself recently and, as @lampis mentions in his post, it's because the correct permission scopes were not set when I created the VM I was trying to push the image from. Unfortunately there's currently no way of changing the scopes once a VM has been created, so you have to delete the VM (making sure the disks are set to auto-delete!) and recreate the VM with the correct scopes ('compute-rw', 'storage-rw' seems sufficient). It doesn't take long though ;-).
请参阅 - scopes
部分: https://cloud.google.com/sdk/gcloud/reference/compute/instances/创建
这篇关于推送码头容器时,Google容器注册表访问被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!