问题描述
我正在尝试使用 gitlab runner 在 GKE 中构建图像,然后将该图像推送到 GCR。这总是失败并首先输出 AWS 错误。
我的理解是,构建 pod 是在与我的 GCR 相应服务帐户应该推送的相同命名空间中创建的。 Pod 似乎没有使用工作负载标识或由于其他原因而失败。
Gitlab Yaml
buildmygcr:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
tags:
- cluster
- kubernetes
script:
- /kaniko/executor --verbosity debug --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination gcr.io/myproject/test:test --cache=false
构建错误
DEBU[0000] copying file /builds/user/test/Dockerfile to /kaniko/Dockerfile
E0403 20:18:16.646782 21 aws_credentials.go:77] while getting AWS credentials NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
error checking push permissions -- make sure you entered the correct tag name,and that you are authenticated correctly,and try again: checking push permission for "gcr.io/myproject/test:test": creating push check transport for gcr.io Failed: GET https://gcr.io/v2/token?scope=repository%myproject%2Ftest%3Apush%2cpull&service=gcr.io: UNAUTHORIZED: You don't have the needed permissions to perform this operation,and you may have invalid credentials. To authenticate your request,follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
Cleaning up file based variables
00:00
ERROR: Job Failed: command terminated with exit code 1
root@workload-identity-test:/# gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* mysvcaccount@myproject.iam.gserviceaccount.com
To set the active account,run:
$ gcloud config set account `ACCOUNT`
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)