问题描述
我按照步骤将 docker 镜像推送到 Google Cloud Registry here。
我可以手动运行 docker push eu.gcr.io/[PROJECT_ID]/[IMAGE_TAG],它会成功运行。但是,dockerfile maven 插件会因为缺少凭据而失败:
org.apache.maven.plugin.MojoExecutionException: Could not push image
...
Caused by: com.spotify.docker.client.exceptions.DockerException: unauthorized: You don't have the needed permissions to perform this operation,and you may have invalid credentials. To authenticate your request,follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
此时,我的 ~/.docker/config.json 文件看起来像:
{
"credHelpers": {
"gcr.io": "gcloud","us.gcr.io": "gcloud","eu.gcr.io": "gcloud","asia.gcr.io": "gcloud","staging-k8s.gcr.io": "gcloud","marketplace.gcr.io": "gcloud"
}
}
经过大量调试,我找到了一个有效的配置:
{
"auths": {
"eu.gcr.io": {}
},"credHelpers": {
"eu.gcr.io": "gcr"
},"credsstore": "gcr"
}
我必须安装 docker-credential-gcr 模块:
gcloud components install docker-credential-gcr
我有两个问题:
编辑:
我的 Maven 配置的相关部分是:
<plugin>
<groupId>com.spotify</groupId>
<artifactId>dockerfile-maven-plugin</artifactId>
<version>1.4.13</version>
<configuration>
<repository>eu.gcr.io/[PROJECT_ID]/[IMAGE_NAME]</repository>
<tag>2.0.0</tag>
</configuration>
<executions>
<execution>
<id>default</id>
<goals>
<goal>build</goal>
<goal>push</goal>
</goals>
</execution>
<execution>
<id>tag-image-latest</id>
<goals>
<goal>tag</goal>
</goals>
<configuration>
<tag>latest</tag>
</configuration>
</execution>
</executions>
</plugin>
解决方法
尝试在配置标记中添加 <useMavenSettingsForAuth>true</useMavenSettingsForAuth> 并在 maven settings.xml 中指定您的服务器凭据:
<server>
<id>docker.io</id>
<username>XXX</username>
<password>XXX</password>
</server>
此外,如果您想将映像推送到私有注册表,您需要做两件事:API 访问范围和使用注册表验证您的 VM。
this post 中已有详细答案,您可以从中深入了解您的问题。
希望对您有所帮助。