Docker Google云容器注册表/工件注册表权限
我正在尝试使用Google Cloud SDK将容器推送到Windows 10上的Google Cloud容器注册表或Google Cloud工件注册表。我从这两个服务中都得到了类似的权限错误,但我似乎不知道为什么。对于容器注册表,推送时我得到:Docker Google云容器注册表/工件注册表权限,docker,google-cloud-platform,google-container-registry,Docker,Google Cloud Platform,Google Container Registry,我正在尝试使用Google Cloud SDK将容器推送到Windows 10上的Google Cloud容器注册表或Google Cloud工件注册表。我从这两个服务中都得到了类似的权限错误,但我似乎不知道为什么。对于容器注册表,推送时我得到: > docker push us.gcr.io/{PROJECT}/{PATH}/{CONTAINER}:{TAG} unauthorized: You don't have the needed permissions to perform t
> docker push us.gcr.io/{PROJECT}/{PATH}/{CONTAINER}:{TAG}
unauthorized: You don't have the needed permissions to perform this operation,
and you may have invalid credentials. To authenticate your request, follow the
steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
> docker push northamerica-northeast1-docker.pkg.dev/{PROJECT}/{REPOSITORY}/{CONTAINER}:{TAG}
denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource
"projects/opallabs/locations/northamerica-northeast1/repositories/domar" (or it may not exist)
对于工件注册表,推送时我得到:
> docker push us.gcr.io/{PROJECT}/{PATH}/{CONTAINER}:{TAG}
unauthorized: You don't have the needed permissions to perform this operation,
and you may have invalid credentials. To authenticate your request, follow the
steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
> docker push northamerica-northeast1-docker.pkg.dev/{PROJECT}/{REPOSITORY}/{CONTAINER}:{TAG}
denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource
"projects/opallabs/locations/northamerica-northeast1/repositories/domar" (or it may not exist)
我已经运行了几次gcloud init
和gcloud auth configure docker
。我可以使用gcloud
从命令行创建和编辑谷歌云资源,没有任何问题。我是Google云项目的所有者,但为了安全起见,我已经为自己分配了存储管理员、工件注册管理员、工件注册库管理员。但是,当我运行gcloud auth print access token
并使用https://www.googleapis.com/oauth2/v1/tokeninfo
endpoint,仅显示以下范围:
{
...
"scope": "openid https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-
platform https://www.googleapis.com/auth/appengine.admin https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/accounts.reauth",
...
}
缺少https://www.googleapis.com/auth/devstorage.read_write
或https://www.googleapis.com/auth/devstorage.full_control
scope,根据配置文件,这些scope可能会出现,但我不确定它们为什么会丢失。我按照安装说明在上一台Windows 10机器上进行了此操作,但在我的新机器上的相同设置似乎不起作用
我的docker凭据帮助程序条目:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud",
"northamerica-northeast1-docker.pkg.dev": "gcloud",
"us-central1-docker.pkg.dev": "gcloud"
}
}
gcloud-v
谷歌云SDK 311.0.0
beta 2020.09.18
bq 2.0.60
核心2020.09.18
gsutil 4.53
docker-v
Docker version 19.03.13,build 4484c46d9d多亏了Docker桌面上的“设置”->“命令行”并取消选中“启用云体验”开关,我已经能够进行身份验证。该设置似乎不存在于中,因此我不确定它如何影响身份验证,我所知道的是,对于Docker版本19.03.13,在Windows上构建4484c46d9d,如果要使用gcloud进行身份验证,则需要禁用该设置。多亏了提供的设置,我可以通过“设置”->“命令行”进行身份验证在Docker Desktop中,取消选中“启用云体验”开关。该设置似乎不存在于中,因此我不确定它如何影响身份验证,我所知道的是,对于Docker版本19.03.13,在Windows上构建4484c46d9d,如果要使用gcloud进行身份验证,则需要禁用该设置。嘿,报告了类似的问题。这可能对你的情况也有帮助。嘿,发现了类似的问题。这可能对您的情况也有帮助。