如何解决Gitlab GKE runner 使用工作负载身份推送到 GCR
我正在尝试使用 gitlab runner 在 GKE 中构建图像,然后将该图像推送到 GCR。这总是失败并首先输出 AWS 错误。
我的理解是,构建 pod 是在与我的 GCR 相应服务帐户应该推送的相同命名空间中创建的。 Pod 似乎没有使用工作负载标识或由于其他原因而失败。
Gitlab Yaml
buildmygcr:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
tags:
- cluster
- kubernetes
script:
- /kaniko/executor --verbosity debug --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination gcr.io/myproject/test:test --cache=false
构建错误
DEBU[0000] copying file /builds/user/test/Dockerfile to /kaniko/Dockerfile
E0403 20:18:16.646782 21 aws_credentials.go:77] while getting AWS credentials NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
error checking push permissions -- make sure you entered the correct tag name,and that you are authenticated correctly,and try again: checking push permission for "gcr.io/myproject/test:test": creating push check transport for gcr.io Failed: GET https://gcr.io/v2/token?scope=repository%myproject%2Ftest%3Apush%2cpull&service=gcr.io: UNAUTHORIZED: You don't have the needed permissions to perform this operation,and you may have invalid credentials. To authenticate your request,follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
Cleaning up file based variables
00:00
ERROR: Job Failed: command terminated with exit code 1
root@workload-identity-test:/# gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* mysvcaccount@myproject.iam.gserviceaccount.com
To set the active account,run:
$ gcloud config set account `ACCOUNT`
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。