In Ubuntu-22, google-cloud
has been installed through snap
store;
> whereis gcloud
gcloud: /snap/bin/gcloud
> snap list | grep google
google-cloud-sdk 432.0.0 346 latest/stable google-cloud-sdk** classic
Docker has been installed via snap
too;
> snap list | grep docker
docker 20.10.24 2893 latest/stable canonical**
And I have authenticated my account to a private GCR as below;
> gcloud auth login
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?...<long_url>
You are now logged in as [<my_email@address.com>].
Your current project is [<desired_project_name>]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
Double-checked the login process;
> gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* <my_email@address.com>
To set the active account, run:
$ gcloud config set account `ACCOUNT`
But, when I try to pull or push any image, I hit the following permission issue;
unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
I am able to access to the image which I try to pull from the private GCR in my browser, this makes me think that it is an issue related to creds while performing docker pull
in my terminal.
What am I missing here?
PS: The solution in this question did not work for me Unable to push to Google Container Registry - Permission issue
EDIT:
As it is asked in the comments, I need to mention that I have performed one more step before auth login
which is gcloud auth configure-docker
as below;
> gcloud auth configure-docker
Adding credentials for all GCR repositories.
WARNING: A long list of credential helpers may cause delays running 'docker build'. We recommend passing the registry name to configure only the registry you are using.
After update, the following will be written to your Docker config file located at
[/home/<user>/.docker/config.json]:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
...
}
}
Do you want to continue (Y/n)?
Docker configuration file updated.
Removing snap
installation and installing docker
with package manager apt
has fixed my issue.
The difference I have observed between two installations;
snap
, once gcloud auth login
directs me to browser, authentication was completed by choosing google account only (Please see the 3rd code block in my question, no authorization code
was asked).apt
, after choosing the desired google account, I was directed to another page where the authorization code
was provided which needed to be entered in the terminal;> gcloud auth login
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?...<long_url>
Enter authorization code: <Code_from_browser> // This is the difference!!
You are now logged in as [<my_email@address.com>].
Your current project is [<desired_project_name>]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
Thank you @JohnHanley pointed out that docker
recommends apt
installation.