You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
I have a CI running on GKE (with WLI+SA binded to role Artifact Registry Writer) that works perfectly when building/pushing images with Kaniko to google artifact registry.
I would like to move to buildpacks and I read that google buildpacks uses google cloud libraries that leverage ADC flow so it should directly publish like kaniko is doing.
Unfortunately, when I try the cnb/lifecycle/creator it fails at analyzer step with error authenticating to the registry and not having the read permission… but the KSA has the correct permission via WLI -> Artifact Registry Writer.
To validate: I build a custom google buildpack image with Google CLI and run a curl get command and it returns a response.
curl -X GET -H "Authorization: Bearer $(gcloud auth print-access-token)" "$MY_REGISTRY"
I even tried to create a docker config.json file but still facing the same error.
Could you please help me?
Thanks for your support
PS: Here is the CI build
build image:
stage: build
image:
name: $IMAGE_PACKBUILDER
before_script:
#create docker credentials via gcloud cli
- mkdir ~/.docker
- echo "{"auths":{"$GCP_REGISTRY":{"username":"gsa@my_project.iam.gserviceaccount.com","password":"$(gcloud auth print-access-token)"}}}" >> ~/.docker/config.json
script:
- /cnb/lifecycle/creator -app=. $BUILD_IMAGE:latest
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I have a CI running on GKE (with WLI+SA binded to role Artifact Registry Writer) that works perfectly when building/pushing images with Kaniko to google artifact registry.
I would like to move to buildpacks and I read that google buildpacks uses google cloud libraries that leverage ADC flow so it should directly publish like kaniko is doing.
Unfortunately, when I try the cnb/lifecycle/creator it fails at analyzer step with error authenticating to the registry and not having the read permission… but the KSA has the correct permission via WLI -> Artifact Registry Writer.
To validate: I build a custom google buildpack image with Google CLI and run a curl get command and it returns a response.
curl -X GET -H "Authorization: Bearer $(gcloud auth print-access-token)" "$MY_REGISTRY"
I even tried to create a docker config.json file but still facing the same error.
Could you please help me?
Thanks for your support
PS: Here is the CI build
build image:
stage: build
image:
name: $IMAGE_PACKBUILDER
before_script:
#create docker credentials via gcloud cli
- mkdir ~/.docker
- echo "{"auths":{"$GCP_REGISTRY":{"username":"gsa@my_project.iam.gserviceaccount.com","password":"$(gcloud auth print-access-token)"}}}" >> ~/.docker/config.json
script:
- /cnb/lifecycle/creator -app=. $BUILD_IMAGE:latest
Beta Was this translation helpful? Give feedback.
All reactions