I have made a Dockerfile for deploying my node.js application into google container engine .It looks like as below
FROM node:0.12
COPY google-cloud-sdk /google-cloud-sdk
RUN /google-cloud-sdk/bin/gcloud init
COPY bpe /bpe
CMD cd /bpe;npm start
I should use gcloud init inside Dockerfile because my node.js application is using gcloud-node module for creating buckets in GCS . When i am using the above dockerfile and doing docker built it is failing with following errors
sudo docker build -t gcr.io/[PROJECT_ID]/test-node:v1 .
Sending build context to Docker daemon 489.3 MB
Sending build context to Docker daemon
Step 0 : FROM node:0.12
---> 57ef47f6c658
Step 1 : COPY google-cloud-sdk /google-cloud-sdk
---> f102b82812f5
Removing intermediate container 4433b0f3627f
Step 2 : RUN /google-cloud-sdk/bin/gcloud init
---> Running in 21aead97cf65
Welcome! This command will take you through the configuration of gcloud.
Your current configuration has been set to: [default]
To continue, you must log in. Would you like to log in (Y/n)?
Go to the following link in your browser:
ERROR: There was a problem with web authentication.
ERROR: (gcloud.auth.login) invalid_grant
ERROR: (gcloud.init) Failed command: [auth login --force --brief] with exit code [1]
I done it working by hard coding the authentication key inside google-cloud-sdk source code.Please let me know the proper way to solve this issue .
gcloud init
is a wrapper command which runs
gcloud config configurations create MY_CONFIG
gcloud config configurations activate MY_CONFIG
gcloud auth login
gcloud config set project MY_PROJECT
which allows user to choose configuration, login (via browser) and choose a project.
For your use case you probably do not want to use gcloud init
, instead you should download service account key file from https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=MY_PROJECT, make it accessible inside docker container and activate it via
gcloud auth activate-service-account --key-file my_service_account.json
gcloud config set project MY_PROJECT
Better way to use gcs from container engine is give permission to cluster. For example, if you had created your VM with devstorage.read_only scope, trying to write to a bucket would fail, even if your service account has permission to write to the bucket. You would need devstorage.full_control or devstorage.read_write.
while creating cluster we can use following command
gcloud container clusters create catch-world \
--num-nodes 1 \
--machine-type n1-standard-1 \
--scopes https://www.googleapis.com/auth/devstorage.full_control