我有一个在GCE中运行的GKE集群,我能够构建+标记一个从ubuntu:16.04派生的镜像:
/ # docker images
REPOSITORY TAG IMAGE ID
CREATED SIZE
eu.gcr.io/my-project/ubuntu-gcloud latest a723e43228ae 7 minutes ago 347MB
ubuntu 16.04 ebcd9d4fca80 7 days ago 118MB
首先,我尝试登录注册表(如GKE文档中所述(
docker login -u oauth2accesstoken -p `curl -s "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" -H "Metadata-Flavor: Google"|awk -F" "{ print $4 }"` eu.gcr.io`
然后docker push命令失败:
# docker push eu.gcr.io/my-project/ubuntu-gcloud
The push refers to a repository [eu.gcr.io/my-project/ubuntu-gcloud]
a3a6893ab23f: Preparing
6e390fa7d62c: Preparing
22b8fccbaf84: Preparing
085eeae7a10b: Preparing
b29983dd2306: Preparing
33f1a94ed7fc: Waiting
b27287a6dbce: Waiting
47c2386f248c: Waiting
2be95f0d8a0c: Waiting
2df9b8def18a: Waiting
denied: Unable to create the repository, please check that you have access to do so.
令牌应该是有效的,在另一个实例中,我可以用它gcloud whatever;服务帐户在项目中具有"编辑者"角色。
最奇怪的部分是当我使用明显无效的凭据进行docker login时
misko@MacBook ~ $ docker login -u oauth2accesstoken -p somethingverystupidthatisreallynotmypasswordortoken123 eu.gcr.io
Login Succeeded
登录始终成功。
我该怎么做才能成功docker push gcr.io?
试试这个:
gcloud docker -- push eu.gcr.io/my-project/ubuntu-gcloud
如果要使用常规 docker 命令,请使用 GCR 凭据更新 docker 配置:
gcloud docker -a
然后,您可以像这样构建和推送 docker 映像:
docker build -t eu.gcr.io/my-project/ubuntu-gcloud .
docker push eu.gcr.io/my-project/ubuntu-gcloud