Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Permission issues while docker push

Tags:

I'm trying to push my docker image to google container image registry but get an error which says I do not have the needed permission to perform this operation.

I have already tried gcloud auth configure-docker but it doesn't work for me.

I first build the image using: docker build -t gcr.io/trynew/hello-world-image:v1 .

Then I'm trying to attach a tag and push it: docker push gcr.io/trynew/hello-world-image:v1

This is my output :

    The push refers to repository [gcr.io/trynew/hello-world-image]      e62774cdb1c2: Preparing      0f6265b750f3: Preparing      f82351274ce3: Preparing      31a16430afc8: Preparing      67298499a3ed: Preparing      62d5f39c8fe4: Waiting      9f8566ee5135: Waiting      unauthorized: You don't have the needed permissions to perform this     operation, and you may have invalid credentials.      To authenticate your request, follow the steps in:  https://cloud.google.com/container-registry/docs/advanced-authentication 
like image 825
Srishti Rawal Avatar asked Apr 01 '19 00:04

Srishti Rawal


2 Answers

Google cloud services have specific information how to grant permissions for docker push, this is the first thing you should have a look I think, https://cloud.google.com/container-registry/docs/access-control

After checking that you have sufficient permissions you should proceed with authentication with something like:

gcloud auth configure-docker 

See more here: https://cloud.google.com/container-registry/docs/pushing-and-pulling

like image 128
Colin Moreno Burgess Avatar answered Oct 02 '22 20:10

Colin Moreno Burgess


In order to be able to push images to the private registry you need two things: API Access Scopes and Authenticate your VM with the registry.

For the API Access Scopes (https://cloud.google.com/container-registry/docs/using-with-google-cloud-platform) we can read in the official documentation:

For GKE:

By default, new Google Kubernetes Engine clusters are created with read-only permissions for Storage buckets. To set the read-write storage scope when creating a Google Kubernetes Engine cluster, use the --scopes option.

For GCE:

By default, a Compute Engine VM has the read-only access scope configured for storage buckets. To push private Docker images, your instance must have read-write storage access scope configured as described in Access scopes.

So first, verify if your GKE cluster or GCE instance actually has the proper scopes set.

The next is to authenticate to the registry:

a) If you are using a Linux based image, you need to use "gcloud auth configure-docker" (https://cloud.google.com/container-registry/docs/advanced-authentication).

b) For Container-Optimized OS (COS), the command is “docker-credential-gcr configure-docker” (https://cloud.google.com/container-optimized-os/docs/how-to/run-container-instance#accessing_private_google_container_registry)

like image 26
Armando Cuevas Avatar answered Oct 02 '22 19:10

Armando Cuevas