瞭望塔与GCR的gcloud信誉助手

有人知道如何从docker compose中的containrrr watchtower映像中提取私人GCR repos吗？

对于上下文，我在主机中运行gcloud auth configure-docker，并将这些卷添加到watchtower:

version: "3.4"
services:
app:
image: gcr.io/<proj>/<img>:latest
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/.docker/config.json:/config.json
- /root/.config/gcloud:/.config/gcloud
- /usr/lib/google-cloud-sdk:/usr/lib/google-cloud-sdk
command: --interval 10
environment:
- PATH=$PATH:/usr/lib/google-cloud-sdk/bin
- HOME=/
labels:
- com.centurylinklabs.watchtower.enable=false

它只是一直在说

watchtower_1  | time="2021-06-03T22:36:13Z" level=info msg="Unable to update container "/gce_app_1": Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication. Proceeding to next."

我找到了一个解决方案。需要注意的是，gcloud助手需要安装python才能工作。因此，即使您将所有的配置和二进制文件添加到监视塔容器中，它仍然无法正常运行。

作为一个解决方案，我提出了一个安装了watchtower和python3的最小docker映像。它是yspreen/watchtower。你可以在github上找到完整的自述，但这里是摘要：

version: "3.4"
services:
app:
image: gcr.io/<project>/<image>:latest
watchtower:
image: yspreen/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/.docker/config.json:/config.json
- /root/.config/gcloud:/.config/gcloud
- /usr/lib/google-cloud-sdk:/usr/lib/google-cloud-sdk
command: --cleanup --interval 10
environment:
- PATH=$PATH:/usr/lib/google-cloud-sdk/bin
- HOME=/
labels:
- com.centurylinklabs.watchtower.enable=false

配置文件：

{
"credsStore": "gcloud",
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud"
}
}

相关内容

最新更新

热门标签：