Unable to push images in GCR - "Caller does not have permission 'storage.buckets.create'."

Question

I'm using Standalone Docker credential helper authentication option to push docker images in GCR. Ran following command locally which created config.json file at following path - C:\Users\sunny.goel.docker

***docker-credential-gcr configure-docker***

Then I issued following command to get the credential for us.gcr.io region and noticed that secret returned in output doesn't match with auth attribute value for us.gcr.io region in config.json file. Shouldn't it match ideally ?

***echo "https://us.gcr.io" | docker-credential-gcr get***

Moreover, where can we find the caller information to assign the required roles (storage admin)? I do see a number of service accounts but am not sure which one is used to create storage buckets?

Answer 1

Have you ran docker-credential-gcr gcr-login? If you have done so, it should use your account to access the storage. If not, do you have gcloud installed and logged in?

Once credential helper is set in your config.json, you should see something like: "credHelpers": { "us.gcr.io": "gcr", "gcr.io": "gcr", ... }

If you have that, then docker would ignore auths attribute.