Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Permission issues while docker push

Tags:

I'm trying to push my docker image to google container image registry but get an error which says I do not have the needed permission to perform this operation.

I have already tried gcloud auth configure-docker but it doesn't work for me.

I first build the image using: docker build -t gcr.io/trynew/hello-world-image:v1 .

Then I'm trying to attach a tag and push it: docker push gcr.io/trynew/hello-world-image:v1

This is my output :

    The push refers to repository [gcr.io/trynew/hello-world-image]      e62774cdb1c2: Preparing      0f6265b750f3: Preparing      f82351274ce3: Preparing      31a16430afc8: Preparing      67298499a3ed: Preparing      62d5f39c8fe4: Waiting      9f8566ee5135: Waiting      unauthorized: You don't have the needed permissions to perform this     operation, and you may have invalid credentials.      To authenticate your request, follow the steps in:  https://cloud.google.com/container-registry/docs/advanced-authentication
like image 825
Srishti Rawal Avatar asked Apr 01 '19 00:04

Srishti Rawal

2 Answers

Google cloud services have specific information how to grant permissions for docker push, this is the first thing you should have a look I think, https://cloud.google.com/container-registry/docs/access-control

After checking that you have sufficient permissions you should proceed with authentication with something like:

gcloud auth configure-docker

See more here: https://cloud.google.com/container-registry/docs/pushing-and-pulling

like image 128
Colin Moreno Burgess Avatar answered Oct 02 '22 20:10

Colin Moreno Burgess

In order to be able to push images to the private registry you need two things: API Access Scopes and Authenticate your VM with the registry.

For the API Access Scopes (https://cloud.google.com/container-registry/docs/using-with-google-cloud-platform) we can read in the official documentation:

For GKE:

By default, new Google Kubernetes Engine clusters are created with read-only permissions for Storage buckets. To set the read-write storage scope when creating a Google Kubernetes Engine cluster, use the --scopes option.

For GCE:

By default, a Compute Engine VM has the read-only access scope configured for storage buckets. To push private Docker images, your instance must have read-write storage access scope configured as described in Access scopes.

So first, verify if your GKE cluster or GCE instance actually has the proper scopes set.

The next is to authenticate to the registry:

a) If you are using a Linux based image, you need to use "gcloud auth configure-docker" (https://cloud.google.com/container-registry/docs/advanced-authentication).

b) For Container-Optimized OS (COS), the command is “docker-credential-gcr configure-docker” (https://cloud.google.com/container-optimized-os/docs/how-to/run-container-instance#accessing_private_google_container_registry)

like image 26
Armando Cuevas Avatar answered Oct 02 '22 19:10

Armando Cuevas
Sign in to Comment

Related questions

size of pointers and architecture
“===” equivalent in Java
tsc not creating the dist folder
SwiftUI - State change in UITextField causes the frameWidth to grow uncontrolled and ignore bounds/frame
Is Ruby any good for GUI development? [closed]
How do I efficiently filter computed values within a Python list comprehension?
Overhead associated with OutputDebugString in release build
How do I add more than one row with Zend_Db?
Importing AddressBook data into the iPhone Simulator
Difference between LIKE and = in MYSQL?
Send an email with a HTML file as body (C#)
Is there a function in c that will return the index of a char in a char array?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!