search

Azure / draft-classic

A tool for developers to create cloud-native applications on Kubernetes.
https://draft.sh
MIT License
3.92k stars 395 forks source link

Auth failed while using private registry gcr.io #451

Closed gaurav8297 closed 6 years ago

gaurav8297 commented 6 years ago

I was using a JSON key file to authenticate with my google cloud registry.

1. Enter your Docker registry URL (e.g. docker.io/myuser, quay.io/myuser, myregistry.azurecr.io): gcr.io/<project_id>
2. Enter your username: _json_key
3. Enter your password: <cat key.json>

I created the key.json file from my draft service account in google credentials.

But i'm getting an error while draft up. Here's the log

Step 1/5 : FROM node:8-onbuild
# Executing 5 build triggers...
Step 1/1 : ARG NODE_ENV
 ---> Using cache
Step 1/1 : ENV NODE_ENV $NODE_ENV
 ---> Using cache
Step 1/1 : COPY package.json /usr/src/app/
 ---> Using cache
Step 1/1 : RUN npm install && npm cache clean --force
 ---> Using cache
Step 1/1 : COPY . /usr/src/app
 ---> Using cache
 ---> 3bd03ef5d4ac
Step 2/5 : ENV PORT 8080
 ---> Using cache
 ---> 134e8c3bc8c4
Step 3/5 : EXPOSE 8080
 ---> Using cache
 ---> 61608b4d2027
Step 4/5 : RUN npm install
 ---> Using cache
 ---> eeb8aa4d0aea
Step 5/5 : CMD npm start
 ---> Using cache
 ---> 5f86eaf2a551
Successfully built 5f86eaf2a551
The push refers to a repository [gcr.io/<project_id>/draft-test]
ba0590539a1a: Preparing
0b5b91d8f7ac: Preparing
9babbf413492: Preparing
4b77683967fb: Preparing
d7c95b626793: Preparing
4c3b310c7a93: Preparing
5006f2e74f37: Preparing
50599c766115: Preparing
d4141af68ac4: Preparing
8fe6d5dcea45: Preparing
06b8d020c11b: Preparing
b9914afd042f: Preparing
4bcdffd70da2: Preparing
4c3b310c7a93: Waiting
5006f2e74f37: Waiting
50599c766115: Waiting
d4141af68ac4: Waiting
8fe6d5dcea45: Waiting
06b8d020c11b: Waiting
b9914afd042f: Waiting
4bcdffd70da2: Waiting
buildApp: pushImg error: denied: Unable to access the repository, please check that you have permission to access it.

Can anyone help me resolving this.

bacongobbler commented 6 years ago

Hey @dggs123!

Yeah, we identified this issue and there was work ongoing in https://github.com/Azure/draft/pull/364 to pull in GCR support but it seemed like a pretty hacky solution to get authentication working properly. One idea is to pull out the cloud-provider specific initialization into separate provider plugins via #168, though after playing with the idea for a few weeks I'm not so sure that'll be the silver bullet I thought it'd be.

Out of curiosity, do you know if GKE clusters are authorized to pull and push to Google Container Registry?

I think this has been the biggest hurdle so far for Draft; how do we distribute images built in-cluster to the rest of the kubelets?

gaurav8297 commented 6 years ago

I was using deis but as deis project is shutting down. I'm thinking to shift my deployments to draft.

https://cloud.google.com/container-registry/docs/advanced-authentication

I tried using two methods described in the above doc for authenticating with gcr.io using draft but getting an auth error.

FGRibreau commented 6 years ago

Out of curiosity, do you know if GKE clusters are authorized to pull and push to Google Container Registry?

I can confirm that GKE clusters are authorized to pull image from Google Container Registry (for the push part I never tried).

I had the same issue, could not authenticate Draft with gcr.io

bacongobbler commented 6 years ago

I'm going to close this in favour of #355 to track GCR support in one ticket. Let's keep the ball rolling there. Thanks for the reports, everyone!