我有一个GCP项目。在这里,我在运行Teamcity容器的情况下使用GKE。这个Teamcity容器是我的构建服务器,也是我运行构建步骤/脚本的位置。
其中一个构建步骤希望将docker映像推送到Google Container Registry。这样做会导致此错误:
denied: Token exchange failed for project 'coopr-mod'. Caller does not have permission 'storage.buckets.create'. To configure permissions,follow instructions at: https://cloud.google.com/container-registry/docs/access-control
我阅读了上面的说明链接,但无法找到解决问题的方法。
为完整起见,我在此写下执行的构建步骤:
第1步:
# Create environment variable for correct distribution
export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"
# Add the Cloud SDK distribution URI as a package source
echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
# Import the Google Cloud Platform public key
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
# Update the package list and install the Cloud SDK
sudo apt-get -y update && sudo apt-get -y install google-cloud-sdk
第2步:
gcloud --quiet auth configure-docker
第3步: `docker build myimage:1
步骤4 :
docker tag myimage:1 eu.gcr.io/my-project/myimage:1
步骤5 :(失败的步骤)
docker push eu.gcr.io/coopr-mod/myimage:1
结果:
denied: Token exchange failed for project 'coopr-mod'. Caller does not have permission 'storage.buckets.create'. To configure permissions,follow instructions at: https://cloud.google.com/container-registry/docs/access-control
我阅读了有关授予GKE read-write
对Google存储空间的权限的信息,但是找不到该指南告诉我“如何”执行此操作。