Kaleby Cadorin
Reputation: 434
Issues using skopeo copy to gcr, unable to authenticate on google cloud
I'm trying to pull and push images in a Gitlab pipeline avoiding to use docker-in-docker approach so I'm trying to use skopeo for that.
But right now I'm having issues authenticating skopeo on gcr because we use key authentication for Service Accounts, that doesn't seems to be supported (at least I couldn't make it work) by skopeo, and we don't want to use user and password for that.
The error message is this one:
unable to retrieve auth token: invalid username/password: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
What are the possibilities I can explore to make authentication work?
Upvotes: 1
Views: 2658
Answers (1)
Kaleby Cadorin
Reputation: 434
I just found a way to solve that authentication issue, we must use --dest-registry-token flag like this:
skopeo copy --dest-registry-token "$(gcloud auth print-access-token)" docker://nginx:1.23.1 docker://us.gcr.io/project/nginx:1.23.1
And make sure that before doing that you activate the Service Account.
gcloud auth activate-service-account --key-file $SOME_FILE
Upvotes: 2
Related Questions
- Authenticate Google Compute Engine (GCE) to Pull Image from Google Container Registry (GCR)
- How to properly authenticate docker client golang library to gcr.io registry?
- Error pulling docker image from GCR into GKE "Failed to pull image .... 403 Forbidden"
- Failed to authorize when pushing docker image to GCR
- Google Container Registry - unauthorized, struggling to authenticate
- GKE can't pull image from GCR
- pull access denied for gcr.io
- Pull Docker image in GCR from GKE with custom service account
- Docker Login to gcr.io in Powershell
- What's causing authentication error when pushing Docker image to Google Container Registry?