I am using the jkube kubernetes-maven-plugin and I am trying to push stuff to the artifact registry on google cloud platform. I currently have issues with the authentication:
While k8s:build creates a perfectly fine image with the correct name that I can push using docker push, it fails when using k8s:push.
The error is either
Error getting the version of the configured credential helper: Failed to start 'docker-credential-gcloud version' : Cannot run program "docker-credential-gcloud": CreateProcess error=2 .
Or
denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "project
depending on how I configured my %USER%/.docker/config.json. (first is with credHelper gcloud, second is with credHelper removed and using plain docker login)
Workaround:
I used the authConfig tags with username (_json_key), password (encrypted service-account.json) and mvn --encrypt-password
This way, it is possible to push to the registry
Eclipse JKube version
1.15.0
Component
Kubernetes Maven Plugin
Apache Maven version
None
Gradle version
None
Steps to reproduce
Configure a GCP Artifact Registry as the registry
Try to use the described auth / credentials handling methods, like:
Describe the bug
I am using the jkube kubernetes-maven-plugin and I am trying to push stuff to the artifact registry on google cloud platform. I currently have issues with the authentication:
While
k8s:build
creates a perfectly fine image with the correct name that I can push usingdocker push
, it fails when usingk8s:push
. The error is eitherError getting the version of the configured credential helper: Failed to start 'docker-credential-gcloud version' : Cannot run program "docker-credential-gcloud": CreateProcess error=2 .
Ordenied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "project
depending on how I configured my %USER%/.docker/config.json. (first is with credHelper gcloud, second is with credHelper removed and using plaindocker login
)Workaround:
I used the authConfig tags with username (_json_key), password (encrypted service-account.json) and mvn --encrypt-password This way, it is possible to push to the registry
Eclipse JKube version
1.15.0
Component
Kubernetes Maven Plugin
Apache Maven version
None
Gradle version
None
Steps to reproduce
Expected behavior
All of the described auth methods work
Runtime
Kubernetes (vanilla)
Kubernetes API Server version
1.25.3
Environment
Windows
Eclipse JKube Logs
No response
Sample Reproducer Project
No response
Additional context
No response