K
Q

Google Cloud Jenkins gcloud push access denied

8/4/2016

I'm trying via Jenkins to push an image to the container repository. It was working at first, but now, I got "access denied"

docker -- push gcr.io/xxxxxxx-yyyyy-138623/myApp:master.1
The push refers to a repository [gcr.io/xxxxxxx-yyyyy-138623/myApp]
bdc3ba7fdb96: Preparing
5632c278a6dc: Waiting
denied: Access denied.

the Jenkinsfile look like :

  sh("gcloud docker --authorize-only")
  sh("docker -- push gcr.io/xxxxxxx-yyyyy-138623/hotelpro4u:master.1")

Remarks:

I'm stuck while 12 hours.... I need help

-- Xero
google-cloud-platform
google-kubernetes-engine
jenkins
kubernetes

Similar Questions

kubernetes 1.2 to 1.3 upgrade on CoreOS
Can not pull docker image from private repo when using Minikube
Converting Datadog "M%" CPU Unity to Kubernetes cpu unity "m"
Unable to access Kubernetes Dashboard

2 Answers

5/18/2017

Building on @cj-cullen's answer above, you have two options:

  1. Destroy the node pool and then, from the CLI, recreate it with the missing https://www.googleapis.com/auth/projecthosting,storage-rw scope. The GKE console does not have the capability to change the default scopes when creating a node pool from the console.

  2. Stop each instance in your cluster. In the console, click the edit button for the instance. You should now be able to add the appropriate https://www.googleapis.com/auth/projecthosting,storage-rw scope.

-- joshwa
Source: StackOverflow
8/4/2016

That error means that the GKE node is not authorized to push to the GCS bucket that is backing your repository.

This could be because:

  1. The cluster does not have the correct scopes to authenticate to GCS. Did you create the cluster w/ --scopes storage-rw?
  2. The service account that the cluster is running as does not have permissions on the bucket. Check the IAM & Admin section on your project to make sure that the service account has the necessary role.
-- CJ Cullen
Source: StackOverflow