问题
I'm trying via Jenkins to push an image to the container repository. It was working at first, but now, I got "access denied"
docker -- push gcr.io/xxxxxxx-yyyyy-138623/myApp:master.1
The push refers to a repository [gcr.io/xxxxxxx-yyyyy-138623/myApp]
bdc3ba7fdb96: Preparing
5632c278a6dc: Waiting
denied: Access denied.
the Jenkinsfile look like :
sh("gcloud docker --authorize-only")
sh("docker -- push gcr.io/xxxxxxx-yyyyy-138623/hotelpro4u:master.1")
Remarks:
- Jenkins is running in Google Cloud
- If I try in Google Shell or from my computer, it's working
- I followed this tutorial : https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes
I'm stuck while 12 hours.... I need help
回答1:
That error means that the GKE node is not authorized to push to the GCS bucket that is backing your repository.
This could be because:
- The cluster does not have the correct scopes to authenticate to GCS. Did you create the cluster w/
--scopes storage-rw? - The service account that the cluster is running as does not have permissions on the bucket. Check the IAM & Admin section on your project to make sure that the service account has the necessary role.
回答2:
Building on @cj-cullen's answer above, you have two options:
Destroy the node pool and then, from the CLI, recreate it with the missing
https://www.googleapis.com/auth/projecthosting,storage-rwscope. The GKE console does not have the capability to change the default scopes when creating a node pool from the console.Stop each instance in your cluster. In the console, click the edit button for the instance. You should now be able to add the appropriate
https://www.googleapis.com/auth/projecthosting,storage-rwscope.
来源:https://stackoverflow.com/questions/38764193/google-cloud-jenkins-gcloud-push-access-denied