5

I am trying to push docker image to GCP, but i am still getting this error:

unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

I follow this https://cloud.google.com/container-registry/docs/quickstart step by step and everything works fine until docker push

It's clear GCP project

I've already tried:

  1. use gcloud as a Docker credential helper: gcloud auth configure-docker
  2. reinstall Cloud SDK and gcloud init
  3. add Storage Admin role to my account

What I am doing wrong?

Thanks for any suggestions

wujido
  • 139
  • 1
  • 10
  • 1
    "I am trying to push docker image to GCP", what command did you use to push the docker image (or what did you do if you used the GCloud console GUI and not command line)? – Jay Mody Jan 04 '20 at 16:44
  • @JayMody I am using command: docker push gcr.io// – wujido Jan 05 '20 at 00:50
  • your are running this locally ? not on cloud shell? have you performed gcloud auth login ? – Pievis Jan 05 '20 at 11:58
  • @Pievis I did it locally. I performed ```gcloud init``` so I am logged in (when i run ```gcloud auth list``` my acc is active). Then I build my container and tag it. This proccess is described in provided link, I follow it step by step. But I can't push it to Google Container Registry. – wujido Jan 05 '20 at 16:13
  • After following the steps in the link that you provided I was able to successfully push an image with some slight modification : I used the gcloud auth login command after the gcloud auth configure-docker command. Try it and let us know if that worked and if not what were the errors? – Digil Jan 06 '20 at 16:01
  • You may also need to refer [this](https://stackoverflow.com/questions/55446787/permission-issues-while-docker-push) similar discussion thread as well. It is also possible that your GKE cluster or GCE instance are missing proper scopes. – Digil Jan 06 '20 at 16:12
  • @Digil I try the whole proccess again with gcloud auth login and the result was same as error in my original question. – wujido Jan 07 '20 at 18:20
  • It may be a good idea to confirm if the scopes are set in your VM instances. The [link](https://cloud.google.com/container-registry/docs/using-with-google-cloud-platform#access_scopes) describes in greater detail how to use the container registry. – Digil Jan 08 '20 at 20:35

1 Answers1

9

If it can help those in the same situation as me:

  • Docker 19.03
  • Google cloud SDK 288.0.0

Important: My user is not in a docker user group. I then have to prepend sudo before any docker command

When gcloud and docker are not using the same config.json

When I use gcloud credential helper:

gcloud auth configure-docker

it updates the JSON config file in my $HOME: [/home/{username}/.docker/config.json]. However, when logging out and login again from Docker CLI,

sudo docker login

The warning shows a different path, which makes sense as I sudo-ed:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

sudo everywhere

To fix it, I did the following steps:

# Clear everything
sudo docker logout
sudo rm /root/.docker/config.json
rm /home/{username}/.docker/config.json

# Re-login
sudo docker login
sudo gcloud auth login --no-launch-browser # --no-launch-browser is optional

# Check both Docker CLI and gcloud credential helper are here
sudo vim /root/.docker/config.json

# Just in case
sudo gcloud config set project {PROJECT_ID}

I can now push my Docker images to both GCR and Docker hub

Al-un
  • 3,102
  • 2
  • 21
  • 40