Unable to push to Google Cloud #1043

Closed
BenderV opened this issue Jun 28, 2018 · 22 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@BenderV

BenderV commented Jun 28, 2018

I've tried every way to use Kompose, but I always get the same issue.

docker-compose.yml (with xxx being my google project name)

version: "3"
services:
  book-generator:
    image: gcr.io/xxx/book-generator:latest
    build: book-generator
    ports:
      - "5000:5000"

INFO Build key detected. Attempting to build and push image 'gcr.io/xxx/book-generator:latest'
INFO Building image 'gcr.io/xxx/book-generator:latest' from directory 'book-generator'
INFO Image 'gcr.io/xxx/book-generator:latest' from directory 'book-generator' built successfully
INFO Pushing image 'xxx/book-generator:latest' to registry 'gcr.io'
WARN Unable to retrieve .docker/config.json authentication details. Check that 'docker login' works successfully on the command line.: Failed to read authentication from dockercfg
INFO Authentication credentials are not detected. Will try push without authentication.
INFO Attempting authentication credentials 'gcr.io
ERRO Unable to push image 'xxx/book-generator:latest' to registry 'gcr.io'. Error: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
FATA Error while deploying application: k.Transform failed: Unable to push Docker image for service book-generator: unable to push docker image(s). Check that `docker login` works successfully on the command line

~/.docker/config.json

{
  "auths": {
    "https://staging-k8s.gcr.io": {},
    "https://eu.gcr.io": {},
    "https://index.docker.io/v1/": {},
    "https://gcr.io": {},
    "staging-k8s.gcr.io": {},
    "asia.gcr.io": {},
    "gcr.io": {},
    "k8s.gcr.io": {},
    "us.gcr.io": {},
    "https://us.gcr.io": {},
    "https://k8s.gcr.io": {},
    "https://asia.gcr.io": {},
    "eu.gcr.io": {}
  },
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud"
  },
  "credsStore": "osxkeychain",
  "HttpHeaders": {
    "User-Agent": "Docker-Client/18.03.1-ce (darwin)"
  }
}

I tried every type of login but I always get the same error. What is really surprising is that a direct:
gcloud docker -- push gcr.io/xxx/book-generator:latest works fine

Can you tell me how I can fix this issue?

@Uelb

Uelb commented Jul 9, 2018

Have you read this conversation? #911. It seems like it's the same issue.

@hangyan
Contributor

hangyan commented Jul 10, 2018

@BenderV Do docker login and docker push work well?

@BenderV
Author

BenderV commented Jul 19, 2018

@hangyan yes, docker login and docker push work well.

@lostcitizen

lostcitizen commented Jul 24, 2018

Similar thing happened to me.
I'm able to push with docker
docker push eu.gcr.io/XXXXXXX-####/container
but from "kompose up" just hangs on "INFO Attempting authentication credentials 'gcr.io "

@keroloswilliam

Had the same problem. After running docker push manually and then trying kompose up again, it worked for me.

@iancrowther

iancrowther commented Sep 5, 2018

I'm also able to docker login and docker push.

> gcloud auth configure-docker
gcloud credential helpers already registered correctly.

@ttelfer

ttelfer commented Oct 3, 2018

I am running into a similar issue but with Azure Container Registry. Both docker login and docker push work fine. Is it possible that it's looking for the .docker/config.json folder in the current directory rather than in the home directory ~/.docker/config.json?

@djmccormick

I tried this on macOS High Sierra and Ubuntu with the same results:

djmccormick at droplet in ~/Projects/foo on k8s
± kompose up
INFO Build key detected. Attempting to build and push image 'gcr.io/baz-foo/bar'
INFO Building image 'gcr.io/baz-foo/bar' from directory 'foo'
INFO Image 'gcr.io/baz-foo/bar' from directory 'foo' built successfully
INFO Pushing image 'baz-foo/bar:latest' to registry 'gcr.io'
WARN Unable to retrieve .docker/config.json authentication details. Check that 'docker login' works successfully on the command line.: Failed to read authentication from dockercfg
INFO Authentication credentials are not detected. Will try push without authentication.
INFO Attempting authentication credentials 'gcr.io
ERRO Unable to push image 'baz-foo/bar:latest' to registry 'gcr.io'. Error: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
FATA Error while deploying application: k.Transform failed: Unable to push Docker image for service bar: unable to push docker image(s). Check that `docker login` works successfully on the command line

dmccormick at droplet in ~/Projects/foo on k8s
± docker push gcr.io/baz-foo/bar
The push refers to repository [gcr.io/baz-foo/bar]
f0d8f9de0422: Layer already exists
08b97a5a0452: Layer already exists
89099b8fb9c6: Layer already exists
c218274b2dd1: Layer already exists
df22d32922d6: Layer already exists
latest: digest: sha256:c74240eda4ae843ea88523c1ce2074f2be88ca9bbf21f1782dfc568490fc6d8f size: 1375

dmccormick at droplet in ~/Projects/foo on k8s
± docker login gcr.io
Authenticating with existing credentials...
Login Succeeded

dmccormick at droplet in ~/Projects/foo on k8s
± cat ~/.docker/config.json
{
	"auths": {
		"gcr.io": {}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.06.1-ce (linux)"
	},
	"credHelpers": {
		"asia.gcr.io": "gcloud",
		"eu.gcr.io": "gcloud",
		"gcr.io": "gcloud",
		"marketplace.gcr.io": "gcloud",
		"staging-k8s.gcr.io": "gcloud",
		"us.gcr.io": "gcloud"
	}
}%

@wuestkamp

wuestkamp commented Jan 11, 2019

So I solved this on OSX by disabling the keychain password storage:

  1. rm ~/.docker/config.json
  2. in Docker for Mac preferences, untick "Securely store Docker logins in macOS keychain"
  3. restart Docker for Mac
  4. docker login

Or for gcloud and pushing to gcr:
gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://eu.gcr.io

Now your ~/.docker/config.json should contain base64-encoded passwords. Working, not safe though!

If someone gets the keychain storage to work that would be nice...

@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 11, 2019
@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels May 11, 2019
@larssb

larssb commented May 23, 2019

@wuestkamp manually update to the new version of Docker Compose. You can get it here. Follow the guideline for manually installing/updating it.
Even though the text says that you get the latest one if you are using Docker Desktop for Mac, I did not have v1.24 of Docker Compose. Yes, I did try checking for updates.

After having updated, when I execute e.g. docker-compose up --build I would get a more descriptive error, suggesting that I actually execute gcloud auth login or set the creds with gcloud to the set I wanted to use.
After having done one of the two, I was now able to execute the docker-compose cmd I wanted to.

I hope the above helps.

@fejta-bot

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Contributor

@fejta-bot: Closing this issue.


@xiuliren

xiuliren commented Oct 6, 2019

I configured the docker to be used without sudo, and use docker push rather than sudo docker push
it works!

@awmcclain

awmcclain commented Apr 4, 2020

This is still an issue in Kompose for OSX and gcloud as of Docker Desktop 2.2.0.4. If you've done any googling on the topic, you'll see @wuestkamp's workaround, which needs a couple tweaks.

  1. Remove the credsStore key in ~/.docker/config.json

This will force docker to write the auth into the json when you use docker login. You can't untick "Securely store Docker logins in macOS keychain" in the docker desktop any more -- and the current credsStore is no longer macOS keychain, it's desktop.

  2. gcloud auth login: Auth with gcloud (just to be explicit)
  3. gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://eu.gcr.io

You should see this:

WARNING! Your password will be stored unencrypted in /Users/andrew/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

It would be super great to have Kompose use the credential helper properly!
/reopen
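
Added example (not part of the thread, and not Kompose's or Docker's code): a Python audit of a Docker client config that reports, per registry, whether the secret sits behind a credential helper, a credentials store, or inline in the file as base64, covering both the config posted at the top of the thread and the state this workaround leaves behind. The lookup order (credHelpers, then credsStore, then the auths entry) follows the Docker CLI's behaviour; both sample configs are constructed and the token is a placeholder.

```python
import base64
import json

# Constructed sample, trimmed from the shape posted at the top of the thread.
SAMPLE_WITH_HELPERS = json.dumps({
    "auths": {"gcr.io": {}, "https://index.docker.io/v1/": {}},
    "credHelpers": {"gcr.io": "gcloud"},
    "credsStore": "osxkeychain",
})

# Constructed sample: config.json after credsStore is removed and
# `docker login` is run. The token is a placeholder, not a real secret.
_BLOB = base64.b64encode(b"oauth2accesstoken:EXAMPLE-TOKEN").decode()
SAMPLE_AFTER_WORKAROUND = json.dumps({
    "auths": {"https://eu.gcr.io": {"auth": _BLOB}, "gcr.io": {}},
    "credHelpers": {"gcr.io": "gcloud"},
})

def _host(key):
    """Normalise an auths key such as 'https://eu.gcr.io' to 'eu.gcr.io'."""
    return key.split("://", 1)[-1].split("/", 1)[0]

def credential_sources(config_text):
    """Return {host: (where the CLI looks first, inline secret present?)}."""
    cfg = json.loads(config_text)
    helpers = cfg.get("credHelpers", {})
    store = cfg.get("credsStore")
    report = {}
    for key, entry in cfg.get("auths", {}).items():
        host, blob = _host(key), entry.get("auth", "")
        if host in helpers:
            source = "helper:docker-credential-" + helpers[host]
        elif store:
            source = "store:docker-credential-" + store
        elif blob:
            # base64 is an encoding, not encryption: report the user only.
            user = base64.b64decode(blob).decode().split(":", 1)[0]
            source = "file:plaintext, user " + user
        else:
            source = "none"
        report[host] = (source, bool(blob))
    for host, name in helpers.items():  # helpers apply without an auths entry
        report.setdefault(host, ("helper:docker-credential-" + name, False))
    return report

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_HELPERS, SAMPLE_AFTER_WORKAROUND):
        for host, (source, inline) in sorted(credential_sources(sample).items()):
            print(f"{host:20} {source}{'  [inline secret]' if inline else ''}")
```

In the first sample every auths entry is empty, so a client that reads only the auths map finds no secret even though the Docker CLI can fetch one from the helper or store. Any host flagged as an inline secret holds a credential that anyone able to read the file can decode.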


@k8s-ci-robot
Contributor

@awmcclain: You can't reopen an issue/PR unless you authored it or you are a collaborator.


@hangyan hangyan reopened this Apr 6, 2020
@fejta-bot

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Contributor

@fejta-bot: Closing this issue.


@imzahahs

Using gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://eu.gcr.io worked for me instead of gcloud auth configure-docker in Jenkins with Ubuntu Slave

@KrisLau

KrisLau commented Jan 5, 2022

@awmcclain Bless your soul I've been looking everywhere to fix this issue and this is the only thing that worked!

@hangyan hangyan reopened this Jan 11, 2022
@cdrage
Member

cdrage commented Jan 12, 2022

I'm going to close this for now as a NOTFIX because this is unrelated to Kompose and rather a Docker client issue.

Kompose no longer supports kompose up or kompose down. Only supporting conversion to docker-compose.yaml files.

@cdrage cdrage closed this as completed Jan 12, 2022