Comments (9)
Now that it's there, I think it's great. I've got a handful of horrible solutions for managing JSON Service Account keys. I'm excited to get this into our ops toolchain ASAP.
Thanks for your work!
from docker-credential-gcr.
@millerhooks Can you elaborate on what setup flows you were trying, and what happens when you attempt to docker push/pull
to GCR?
Newer versions of Docker will set docker-credential-osxkeychain
, -wincred
, or -secretservice
as the default credential store during new installations, if possible.
gcloud docker
recommends that users migrate to gcloud
's Docker credential helper using gcloud auth configure-docker
. This is our standalone credential helper which pre-dates the one baked into the gcloud SDK. The confusion is understandable, I'll make sure that that distinction is made front-and-center in the README for this repo.
from docker-credential-gcr.
I think that this feature has evolved over time. At one point, docker-credential-gcr was unable to access the metadata server (nor the service account's access token). I'll fix the doc to note the feature.
from docker-credential-gcr.
I'm pretty upset that gcloud recommends this tool and installation method(s) that do not work at all. On OSX both the gcloud install method and the go install method install docker-credential-osxkeychain
which does not produce the expected behvior.
But did manage to take over how docker and gcloud were configured so now I can't authenticate or push to my registry.
This came in a loud nagging warning about incompatibility coming and then links to this unfinished pile. Now I have to sift through this and try to get my day back.
Credential management has been a problem, this looks like a great step forward, but it was a huge mistake not to test this workflow better. I don't even know where to start with untangling it because it touches so many things. I guess I'll just reinstall gcloud and docker and start fresh.
from docker-credential-gcr.
@dekkagaijin thanks for the quick response! After a few minutes of just being horrified about not being able to push to dockerhub or my private registry, I realized my golang environment variables were not set up properly. I was right in the middle of some pretty unwieldy platform restructuring so it really knocked me for a loop.
WARNING: `gcloud docker` will not be supported for Docker client versions above 18.03. Please use `gcloud auth configure-docker` to configure `docker` to use `gcloud` as a credential helper, then use `docker` as you would for non-GCR registries, e.g. `docker pull gcr.io/project-id/my-image`. Add `--verbosity=error` to silence this warning, e.g. `gcloud docker --verbosity=error -- pull gcr.io/project-id/my-image`. See: https://cloud.google.com/container-registry/docs/support/deprecation-notices#gcloud-docker
ERROR: Docker CLI operation failed:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
error getting credentials - err: exec: "docker-credential-gcloud": executable file not found in $PATH, out: ``
ERROR: (gcloud.docker) Docker login failed.
This is where I ended up before just fixing my go environment. The instructions through the gcloud
cli are totally confusing. I'm back up and running now I think!
from docker-credential-gcr.
Yeah, we tried to make things as easy and debuggable as possible with the configure-docker
commands, but the fact is that there's quite a bit of environmental state that needs to be 'right' for the magic to work. Rest assured that a lot of planning and work went into replacing and deprecating one of gcloud
's most popular commands :)
from docker-credential-gcr.
If your toolchain is running on GCE or App Engine Managed VM, you can associate your service accounts with that VM and docker-credential-gcr
will automagically use its credentials.
from docker-credential-gcr.
@dekkagaijin can your PR be merged? Looks like it was approved.
from docker-credential-gcr.
@jonjohnsonjr danke
from docker-credential-gcr.
Related Issues (20)
- Fix auth test issue
- Handle reauth / invalid_rapt errors more gracefully
- Release versions messed up?
- Non $PATH setup HOT 2
- "Could not retrieve GCR's access token" when using Workload Identity
- OOB OAuth just got turned off HOT 16
- Unable to install a pinned version using `go install` HOT 9
- Seems that Artifact Registry username has changed HOT 3
- Adding an option to extend the life of the token HOT 1
- Output contains invalid Username for AR when installed using normal `go install` HOT 1
- Unable to use binary built from source HOT 1
- Missing version number when running `docker-credential-gcr version`
- v2.1.23 Release contains no pre-built assets HOT 6
- Update docker-credential-gcr version in the google cloud sdk install tarball HOT 1
- Use ldflags to set version
- All v2.0.4 binaries have unexpected SHA256 checksums HOT 5
- Crash when used by Kaniko in Google Cloud Build HOT 2
- Wrong version using component install of Cloud sdk HOT 2
- No release artifacts for v2.0.5? HOT 3
- Does this support Identity Federation from external accounts? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-credential-gcr.