[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pulling image from Google Cloud Registry failing with 403



What version of OpenShift?  What you pasted looks correct:

1. Generate secret with the right server name
2. Add pull secret to all of the service accounts that will be pulling the image
3. Launch pod

You may want to look at the docker log and verify that what it is trying to pull looks correct.  It's always possible there's a subtle bug though in how this is being checked, so may need to have you turn on debug logging on your node so we can investigate.

On Tue, Sep 13, 2016 at 5:57 AM, Andre Esser <andre esser voidbridge com> wrote:
Hi,

I'm trying to pull an image from the Google Cloud Registry from within
a pod definition. My JSON file seems to be fine:
------------------------------------------------------------------->
$ docker login -u _json_key -p "$(cat google-cloud-registry.json)" \
  https://eu.gcr.io
Login Succeeded
$ docker pull eu.gcr.io/vb-europe/graylog-stack-deployer:latest
latest: Pulling from vb-europe/graylog-stack-deployer
[...]
Status: Downloaded newer image for eu.gcr.io/vb-europe/graylog-stack-\
deployer:latest
<-------------------------------------------------------------------

I create the corresponding secret with:
------------------------------------------------------------------->
$ oc -n default secrets new-dockercfg google-cloud-registry \
  --docker-server=eu.gcr.io --docker-username=_json_key \
  --docker-password="$(cat google-cloud-registry.json)" \
  --docker-email="docker-registry-pull vb-europe iam \
  gserviceaccount.com"
secret/google-cloud-registry
<-------------------------------------------------------------------

and add it to the service accounts:
------------------------------------------------------------------->
$ oc secrets add serviceaccount/default \
  secrets/google-cloud-registry --for=""> $ oc secrets add serviceaccount/builder \
  secrets/google-cloud-registry
<-------------------------------------------------------------------

The corresponding pod definition contains:
------------------------------------------------------------------->
[...]
          containers:
            -
              name: "deployer"
              image: "eu.gcr.io/vb-europe/graylog-stack-deployer:latest"
              imagePullPolicy: "Always"
              env:
[...]
<-------------------------------------------------------------------

However when I try to create the container I get:
------------------------------------------------------------------->
Failed to pull image "eu.gcr.io/vb-europe/graylog-stack-
deployer:latest": image pull failed for eu.gcr.io/vb-europe/graylog-
stack-deployer:latest, this may be because there are no credentials on
this request. details: (Error: Status 403 trying to pull repository
vb-europe/graylog-stack-deployer: "Unable to access the repository:
vb-europe/graylog-stack-deployer; please verify that it exists and you
have permission to access it (no valid credential was supplied).")
<------------------------------------------------------------------

What am I missing?


Cheers,

Andre
--
Andre Esser, IT Manager
Voidbridge Software Ltd

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]