Google Cloud Jenkins gcloud push access denied

2019-05-22 14:14发布

站内问答 / Kubernetes
1043 2 5

I'm trying via Jenkins to push an image to the container repository. It was working at first, but now, I got "access denied"

docker -- push gcr.io/xxxxxxx-yyyyy-138623/myApp:master.1
The push refers to a repository [gcr.io/xxxxxxx-yyyyy-138623/myApp]
bdc3ba7fdb96: Preparing
5632c278a6dc: Waiting
denied: Access denied.

the Jenkinsfile look like :

  sh("gcloud docker --authorize-only")
  sh("docker -- push gcr.io/xxxxxxx-yyyyy-138623/hotelpro4u:master.1")

Remarks:

I'm stuck while 12 hours.... I need help

2条回答
手持菜刀,她持情操
2楼-- · 2019-05-22 14:27

That error means that the GKE node is not authorized to push to the GCS bucket that is backing your repository.

This could be because:

  1. The cluster does not have the correct scopes to authenticate to GCS. Did you create the cluster w/ --scopes storage-rw?
  2. The service account that the cluster is running as does not have permissions on the bucket. Check the IAM & Admin section on your project to make sure that the service account has the necessary role.
查看更多
0人赞 添加讨论(0) 举报
啃猪蹄的小仙女
3楼-- · 2019-05-22 14:42

Building on @cj-cullen's answer above, you have two options:

  1. Destroy the node pool and then, from the CLI, recreate it with the missing https://www.googleapis.com/auth/projecthosting,storage-rw scope. The GKE console does not have the capability to change the default scopes when creating a node pool from the console.

  2. Stop each instance in your cluster. In the console, click the edit button for the instance. You should now be able to add the appropriate https://www.googleapis.com/auth/projecthosting,storage-rw scope.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)