aknuds1

Reputation: 67987

What's causing authentication error when pushing Docker image to Google Container Registry?

I am trying to push a Docker image to Google Container Registry from a CircleCI build, as per their instructions. However, pushing to GCR fails due to an apparent authentication error:

Using 'push eu.gcr.io/realtimemusic-147914/realtimemusic-test/realtimemusic-test' for DOCKER_ARGS.
The push refers to a repository [eu.gcr.io/realtimemusic-147914/realtimemusic-test/realtimemusic-test] (len: 1)

Post https://eu.gcr.io/v2/realtimemusic-147914/realtimemusic-test/realtimemusic-test/blobs/uploads/: token auth attempt for registry: https://eu.gcr.io/v2/token?account=oauth2accesstoken&scope=repository%3Arealtimemusic-147914%2Frealtimemusic-test%2Frealtimemusic-test%3Apush%2Cpull&service=eu.gcr.io request failed with status: 403 Forbidden

Prior to pushing the Docker image, I've authenticated the service account against Google Cloud:

echo $GCLOUD_KEY | base64 --decode > ${HOME}/client-secret.json
gcloud auth activate-service-account --key-file ${HOME}/client-secret.json
gcloud config set project $GCLOUD_PROJECT_ID

Then I build the image and push it to GCR:

docker build -t $EXTERNAL_REGISTRY_ENDPOINT/realtimemusic-test -f docker/test/Dockerfile .
gcloud docker push -- $EXTERNAL_REGISTRY_ENDPOINT/realtimemusic-test

What am I doing wrong here?

Upvotes: 0

Views: 2875

Answers (4)

Matteo Tosato

Reputation: 235

After many retries... I solved it using an access token:

gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://[HOSTNAME]

Upvotes: 3

Vignesh

Reputation: 706

If you are pushing a Docker image using the Google Cloud SDK, you can use temporary authorization with the following command:

  gcloud docker --authorize-only

The above command gives you a temporary authorization for pushing and pulling images using Docker. You can refer to this link for details: Gcloud docker. Hope it helps to solve your issue.

Upvotes: 1

aknuds1

Reputation: 67987

The service account requires permission to write to the Cloud Storage bucket containing the container registry. Granting the service account either the project editor role or write access to the bucket (via ACL) solves the issue. The latter should be preferable since the account doesn't receive wider permissions than it needs.

Upvotes: 0
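
The bucket-level grant described in the answer above, as an added example that is not part of the original answer: it derives the Cloud Storage bucket behind a GCR image reference and prints the `gsutil acl ch` command that gives the service account write access to that bucket only. The bucket naming (`artifacts.PROJECT.appspot.com`, region-prefixed for `us`/`eu`/`asia` hosts) comes from GCR's storage layout rather than from this page, and the service account email is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the answer): scope a CI service account's write
# access to the one bucket behind a GCR host instead of project editor.

# Print the Cloud Storage bucket that backs an image reference such as
# eu.gcr.io/PROJECT/path/image. Domain-scoped projects are not handled.
gcr_bucket() {
  ref=${1#https://}
  host=${ref%%/*}
  rest=${ref#*/}
  project=${rest%%/*}
  if [ "$host" = "$ref" ] || [ -z "$project" ]; then
    echo "expected HOST/PROJECT/IMAGE, got: $1" >&2
    return 1
  fi
  case "$host" in
    gcr.io) prefix= ;;
    us.gcr.io|eu.gcr.io|asia.gcr.io) prefix="${host%%.*}." ;;
    *) echo "not a GCR host: $host" >&2; return 1 ;;
  esac
  printf '%sartifacts.%s.appspot.com\n' "$prefix" "$project"
}

# Print (default) or run the bucket ACL grant. Set APPLY=1 to execute it.
# $1 is the client_email from the service account key file, $2 the image ref.
grant_push_acl() {
  sa_email=$1
  bucket=$(gcr_bucket "$2") || return 1
  set -- gsutil acl ch -u "${sa_email}:W" "gs://${bucket}"
  if [ "${APPLY:-0}" = 1 ]; then
    "$@"
  else
    echo "$*"
  fi
}

# Dry run with the repository from the question; the account name is constructed.
grant_push_acl "ci-pusher@realtimemusic-147914.iam.gserviceaccount.com" \
  "eu.gcr.io/realtimemusic-147914/realtimemusic-test/realtimemusic-test"
```

The bucket exists only after the first image has been pushed to that registry host, and `gsutil acl ch` is rejected on buckets with uniform bucket-level access enabled.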

jsand

Reputation: 595

Have you tried using the _json_key method for authenticating with Docker? https://cloud.google.com/container-registry/docs/advanced-authentication

After that, please use naked 'docker' (without 'gcloud').

Upvotes: 1
