尝试推送到 google 容器存储库时出现身份验证错误。我看到了很多关于此的问题,并将根据其他建议完成我已完成的步骤。我在 Windows 上本地工作,使用最新版本的 gcloud 和 docker。
让我们开始,我有一个具有完全所有者权限的活动服务帐户。
我可以很好地了解我的项目和存储桶。
C:\Program Files (x86)\Google\Cloud SDK>gsutil acl get gs://api-project-773889352370-ml
[
{
"entity": "project-owners-773889352370",
"projectTeam": {
"projectNumber": "773889352370",
"team": "owners"
},
"role": "OWNER"
},
{
"entity": "project-editors-773889352370",
"projectTeam": {
"projectNumber": "773889352370",
"team": "editors"
},
"role": "OWNER"
},
{
"entity": "project-viewers-773889352370",
"projectTeam": {
"projectNumber": "773889352370",
"team": "viewers"
},
"role": "READER"
}
]
我可以为我的服务帐户下载一个 .json 密钥并在本地激活它。
gcloud auth activate-service-account --key-file C:/Users/Ben/Dropbox/Google/MeerkatReader-9fbf10d1e30c.json
我有一组工作的 docker 和登录
C:\Program Files (x86)\Google\Cloud SDK>docker push bw4sz/hello-world
The push refers to a repository [docker.io/bw4sz/hello-world]
a02596fdd012: Layer already exists
latest: digest: sha256:a18ed77532f6d6781500db650194e0f9396ba5f05f8b50d4046b294ae5f83aa4 size: 524
我用主机名和项目 ID 标记我的测试图像(hello-world)并试一试
C:\Program Files (x86)\Google\Cloud SDK>gcloud docker --push gcr.io/api-project-773889352370/hello-world
ERROR: Docker CLI operation failed:
Error response from daemon: Get https://gcr.kubernetes.io/v1/users/: x509: certificate has expired or is not yet valid
ERROR: (gcloud.docker) Docker login failed.
好的,让我们看看这里、这里和这里建议的高级身份验证方法
文档说我可以绕过 gcloud 并直接使用 docker,只需传递我的 .json 密钥文件即可登录。
C:\Program Files (x86)\Google\Cloud SDK>docker login -u _json_key -p "$(cat C:/Users/Ben/Dropbox/Google/MeerkatReader-d77c0d6aa04f.json)" https://gcr.io
Error response from daemon: Get https://gcr.io/v2/: unknown: Unable to parse json key.
文档说分两步执行此操作,让我们尝试一下:
C:\Program Files (x86)\Google\Cloud SDK>set /p PASS=<C:/Users/Ben/Dropbox/Google/MeerkatReader-9fbf10d1e30c.json
C:\Program Files (x86)\Google\Cloud SDK>docker login -e 1234@5678.com -u _json_key -p "%PASS%" https://gcr.io
Flag --email has been deprecated, will be removed in 1.13.
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password
另一个建议是使用临时令牌
C:\Program Files (x86)\Google\Cloud SDK>docker login -e 1234@5678.com -u _token -p "$(gcloud auth print-access-token)" https://gcr.io
Flag --email has been deprecated, will be removed in 1.13.
Login Succeeded
太好了,让我们再次尝试推动。
C:\Program Files (x86)\Google\Cloud SDK>docker push gcr.io/api-project-773889352370/hello-world
The push refers to a repository [gcr.io/api-project-773889352370/hello-world]
a02596fdd012: Preparing
denied: Unable to create the repository, please check that you have access to do so.
我看到有人建议只推送到存储桶而不是项目 ID,这只是挂起
C:\Program Files (x86)\Google\Cloud SDK>docker push gcr.io/api-project-773889352370-ml/hello-world
The push refers to a repository [gcr.io/api-project-773889352370-ml/hello-world]
a02596fdd012: Retrying in 1 second <- goes on forever.
编辑:尝试建议解决方案
C:\Program Files (x86)\Google\Cloud SDK>gcloud auth activate-service-account --key-file C:/Users/Ben/Dropbox/Google/MeerkatReader-9fbf10d1e30c.json
Activated service account credentials for: [773889352370-compute@developer.gserviceaccount.com]
C:\Program Files (x86)\Google\Cloud SDK>gcloud docker -a -s gcr.io
Short-lived access for ['gcr.io'] configured.
C:\Program Files (x86)\Google\Cloud SDK>docker push gcr.io/api-project-773889352370/hello-world
The push refers to a repository [gcr.io/api-project-773889352370/hello-world]
a02596fdd012: Preparing
denied: Unable to create the repository, please check that you have access to do so.