Comments (2)
I hit the similar issue while i was trying to upload the docker image to GCR from container optimized OS, i ran the following sequence of command,
- Created a service account and assigned Storage Admin privileges.
- Downloaded the JSON key
- Executed
docker-credential-gcr configure-docker
- Logged in with docker command -
docker login -u _json_key -p "$(cat ./mygcrserviceaccount.JSON)" https://gcr.io
- Tried pushing the image gcr -
docker push gcr.io/project-id/imagename:tage01
It failed with following error,
denied: Token exchange failed for project 'project-id'. Caller does not have permission 'storage.buckets.create'. To configure permissions, follow instructions at: https://cloud.google.com/container-registry/docs/access-control
I tried giving every possible permission to my service account through IAM role but it would fail with same error.
After reading this issue i did the following changes,
- Removed the docker config directory
rm -rf ~/.docker
- Executed
docker-credential-gcr configure-docker
- Stored the JSON key into variable named GOOGLE_APPLICATION_CREDENTIALS
GOOGLE_APPLICATION_CREDENTIALS=/path/to/mygcrserviceaccount.JSON
- Logged in with docker command -
docker login -u _json_key -p "$(cat ${GOOGLE_APPLICATION_CREDENTIALS})" https://gcr.io
- Executed docker push command -
docker push gcr.io/project-id/imagename:tage01
Voila, it worked like a charm!
from docker-credential-gcr.
Assuming you're using gcloud and not a JSON key or environment-based auth, gcloud auth list
should show you the current active account.
The auth attribute value in the config file is probably leftover from doing a docker login
with some credentials. You shouldn't need an auths entry for the credential helper to work, e.g. my config looks like this:
{
"auths": {},
"credHelpers": {
"asia.gcr.io": "gcr",
"eu.gcr.io": "gcr",
"gcr.io": "gcr",
"us.gcr.io": "gcr"
}
}
It may be that you just need to clear that secret in the auths entry.
from docker-credential-gcr.
Related Issues (20)
- Fix auth test issue
- Handle reauth / invalid_rapt errors more gracefully
- Release versions messed up?
- Non $PATH setup HOT 2
- "Could not retrieve GCR's access token" when using Workload Identity
- OOB OAuth just got turned off HOT 16
- Unable to install a pinned version using `go install` HOT 9
- Seems that Artifact Registry username has changed HOT 3
- Adding an option to extend the life of the token HOT 1
- Output contains invalid Username for AR when installed using normal `go install` HOT 1
- Unable to use binary built from source HOT 1
- Missing version number when running `docker-credential-gcr version`
- Check for either podman or docker in $PATH HOT 2
- Update docker-credential-gcr version in the google cloud sdk install tarball HOT 1
- Use ldflags to set version
- All v2.0.4 binaries have unexpected SHA256 checksums HOT 5
- Crash when used by Kaniko in Google Cloud Build HOT 2
- Wrong version using component install of Cloud sdk HOT 2
- No release artifacts for v2.0.5? HOT 3
- Does this support Identity Federation from external accounts? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-credential-gcr.