Google Cloud Jenkins gcloud push access denied

Posted 2019-05-22 13:46

Question:

I'm trying via Jenkins to push an image to the container repository. It was working at first, but now I get "access denied":

  docker -- push gcr.io/xxxxxxx-yyyyy-138623/myApp:master.1
  The push refers to a repository [gcr.io/xxxxxxx-yyyyy-138623/myApp]
  bdc3ba7fdb96: Preparing
  5632c278a6dc: Waiting
  denied: Access denied.

The Jenkinsfile looks like:

  sh("gcloud docker --authorize-only")
  sh("docker -- push gcr.io/xxxxxxx-yyyyy-138623/hotelpro4u:master.1")

Remarks:

  • Jenkins is running in Google Cloud
  • If I try in Google Shell or from my computer, it's working
  • I followed this tutorial: https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes

I've been stuck for 12 hours... I need help.

Answer 1:

That error means that the GKE node is not authorized to push to the GCS bucket that is backing your repository.

This could be because:

  1. The cluster does not have the correct scopes to authenticate to GCS. Did you create the cluster w/ --scopes storage-rw?
  2. The service account that the cluster is running as does not have permissions on the bucket. Check the IAM & Admin section on your project to make sure that the service account has the necessary role.


Answer 2:

Building on @cj-cullen's answer above, you have two options:

  1. Destroy the node pool and then, from the CLI, recreate it with the missing https://www.googleapis.com/auth/projecthosting,storage-rw scope. The GKE console does not have the capability to change the default scopes when creating a node pool from the console.

  2. Stop each instance in your cluster. In the console, click the edit button for the instance. You should now be able to add the appropriate https://www.googleapis.com/auth/projecthosting,storage-rw scope.
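
Added example, not part of either answer above: a shell check for the scope cause named in answer 1, usable again after the change in answer 2. It classifies a node's OAuth scopes as allowing push, pull only, or no registry storage access; the function names and sample scope lists are constructed for this example, and it assumes the `storage-rw` alias expands to the `devstorage.read_write` scope URL.

```shell
#!/bin/sh
# Classify the OAuth scopes of a node's service account for GCR pushes.
# Function names are this example's own; sample lists below are constructed.

# Reads one scope URL per line on stdin; prints push | pull-only | none.
classify_gcr_scopes() {
    result=none
    # "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while IFS= read -r scope || [ -n "$scope" ]; do
        case "$scope" in
            */auth/cloud-platform|*/auth/devstorage.full_control|*/auth/devstorage.read_write)
                result=push ;;
            */auth/devstorage.read_only)
                # Read-only storage lets the node pull images but not push.
                [ "$result" = push ] || result=pull-only ;;
        esac
    done
    echo "$result"
}

# On a GCE/GKE node, the metadata server lists the scopes the VM was created with.
fetch_node_scopes() {
    curl -s -H 'Metadata-Flavor: Google' \
        'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes'
}

# Constructed sample: a node pool created without storage-rw.
SAMPLE_READONLY='https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring'

# Constructed sample: a node pool recreated with the scopes from answer 2
# (assumption: storage-rw is the alias for devstorage.read_write).
SAMPLE_FIXED='https://www.googleapis.com/auth/projecthosting
https://www.googleapis.com/auth/devstorage.read_write'

if [ "${1:-}" = "--live" ]; then
    # Run inside the Jenkins pod or on the node itself.
    fetch_node_scopes | classify_gcr_scopes
else
    printf 'read-only sample: %s\n' "$(printf '%s\n' "$SAMPLE_READONLY" | classify_gcr_scopes)"
    printf 'fixed sample:     %s\n' "$(printf '%s\n' "$SAMPLE_FIXED" | classify_gcr_scopes)"
fi
```

A `push` result rules out the first cause only; the service account's role on the bucket (the second cause in answer 1) still has to be checked in IAM.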