我有一段时间没有建立 GCE 堆栈了,我发誓随着时间的推移这会变得更加困难。
所以设置很简单:空白 ubuntu VM,通过 snap 安装 docker。现在,当我尝试从 GCR 拉动时,我得到
> docker pull gcr.io/.../image
Using default tag: latest
Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
很公平。我检查了我的 gcloud 命令:
> gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* ...-compute@developer.gserviceaccount.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`
因此,正确的服务帐户就在那里。在 IAM 中,它被列为编辑器,为了更好地衡量,我也添加了存储管理员。
现在我跑
> gcloud auth configure-docker
WARNING: `docker-credential-gcloud` not in system PATH.
gcloud's Docker credential helper can be configured but it will not work until this is corrected.
Adding credentials for all GCR repositories.
WARNING: A long list of credential helpers may cause delays running 'docker build'. We recommend passing the registry name to configure only the registry you are using.
After update, the following will be written to your Docker config file
located at [/home/y/.docker/config.json]:
{
"credHelpers": {
"gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"asia.gcr.io": "gcloud"
}
}
Do you want to continue (Y/n)?
Docker configuration file updated.
根据 gcp 的文档,警告很好。 gcloud 可以用作独立助手的替代品。但仍然:拉动失败。真可惜。
根据文档,sudo 是个坏主意。所以我尝试将我的用户添加到 docker 组,显然这与 snap 冲突。我跑了
> sudo addgroup --system docker
> sudo adduser $USER docker
> newgrp docker
> sudo snap disable docker
> sudo snap enable docker
所以现在我可以在我的帐户中使用 docker。
但问题仍然存在。我还尝试了独立助手
> VERSION=2.0.0
> OS=linux # or "darwin" for OSX, "windows" for Windows.
> ARCH=amd64 # or "386" for 32-bit OSs, "arm64" for ARM 64.
> curl -fsSL "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${VERSION}/docker-credential-gcr_${OS}_${ARCH}-${VERSION}.tar.gz" | tar xz --to-stdout ./docker-credential-gcr | sudo tee /usr/local/bin/docker-credential-gcr && sudo chmod +x /usr/local/bin/docker-credential-gcr
> docker-credential-gcr configure-docker
我已经解决这个问题太久了,这是怎么回事?
最佳答案
Snap 似乎在这里引起了问题。在帮助程序的特定于 snap 的配置文件和 snap-install gcloud SDK 之间的某个地方,发生了错误。我进行了全新安装,并且仅适用于:
sudo snap remove google-cloud-sdk
sudo apt update; sudo apt upgrade -y
sudo apt install docker.io
sudo curl -L --fail https://github.com/docker/compose/releases/download/1.25.5/run.sh -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker -v
sudo usermod -a -G docker $USER
## new shell
# exit
curl https://sdk.cloud.google.com | bash
gcloud auth configure-docker
. ~/.bashrc
sudo ln -s $(which gcloud) /usr/bin/
gcloud auth configure-docker
关于docker - 在 Ubuntu 20.04 上从 GCE vm 中的 GCR 拉取,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61721193/