Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to properly login to use private images from GCR in Gitlab-ci?

Tags:

docker

google-cloud-platform

gitlab-ci

gitlab-ci-runner

I'm trying to login into CGR and use some private docker images in Gitlab-ci runner.

I have made a new project in Google Cloud and activated the Google Cloud Registry API. I also made a new Service Account (IAM) in which I gave ownership permission to the previous Cloud Registry instance. Then I produced a json key. I tested the key with the following gitlab-ci configuration and in the local machine:

image: docker:latest
services:
  - docker:dind
auth:
  stage: auth
  script:
    - docker login -u _json_key --password-stdin https://gcr.io < ./keyfile.json

It seems to be authenticated and authorised to push/pull images.

What I need to do is to have the following, I need to go to my private repository and use those images in the gitlab-ci runner. Something like this:

before_script:
    - docker login -u _json_key --password-stdin https://gcr.io < ./keyfile.json

build:
  stage: build
  image: gcr.io/image-repo/image
  script:
    - gradle clean build

deploy:
  stage: deploy
  image: gcr.io/image-repo/image
  script:
    - gradle publish
  only:
    - master

However, I keep on getting this error:

Running with gitlab-runner 11.10.1 (1f513601) on docker-auto-scale 0277ea0f Using Docker executor with image gcr.io/image-repo/image ... Pulling docker image gcr.io/image-repo/image ... ERROR: Preparation failed: Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication (executor_docker.go:168:0s) Will be retried in 3s ...

like image 737
André Guerra Avatar asked May 25 '19 10:05

André Guerra

1 Answers

I achieved a practical solution:

One needs to use the wind service to have a reseted docker configuration and then login, for instance in their local machine using:

docker login -u _json_key --password-stdin https://gcr.io < ./keyfile.json

Then, just just copy the configuration present in ~/.docker/config.json to the variable DOCKER_AUTH_CONFIG in Gitlab CI and you're set to go.

like image 138
André Guerra Avatar answered Oct 11 '22 11:10

André Guerra
Sign in to Comment

Related questions

Can I query a remote docker registry for image information (such as OS)?
How to get browsable url from Docker-for-mac or Docker-for-Windows?
Conditionally detecting whether a Node server is running inside a Docker Container
Cannot run or delete images or container (fail overlay2)
Docker app cannot be accessed through opened ports
docker-compose build, how to tag image
What is the difference between docker-compose file and docker file?
How to specify in Dockerfile that the image is interactive?
Problems with building image using snap docker
How to connect persistent storage to Google Cloud Build?
Resource limits specified in docker-compose.yml not taken into account by docker
PhpStorm not displaying xdebug as stopped on breakpoint (docker)
open a file in docker container with vscode
Generate list of Windows-like friendly time zone names on Linux .NET Core
Error when running in Docker The specified framework 'Microsoft.AspNetCore.App', version '2.1.6' was not found. on
Dockerized Loopback 4 app not reachable from the host
How to access Docker container's internal IP address from host?
How to deploy a Laravel Web Application on Alpine Linux using Docker?
How /var/run/docker.sock works for windows Docker?
How to accept the license agreement when building rti-connext-dds-5.3.1 with docker build?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!