gcloud builds submit fails due to missing permissions

Question (votes: 0, answers: 3)

I want to upload a docker image that I built on a VM, but when I run the command:

gcloud builds submit --tag eu.gcr.io/luccid-mvp/luccid_mvp_app:0.0.1 --verbosity debug

I get:

gcloud builds submit --tag eu.gcr.io/luccid-mvp/luccid_mvp_app:0.0.1 --verbosity debug
DEBUG: Running [gcloud.builds.submit] with arguments: [--tag: "eu.gcr.io/luccid-mvp/luccid_mvp_app:0.0.1", --verbosity: "debug"]
DEBUG: Making request: GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/[email protected]/?recursive=true
DEBUG: Starting new HTTP connection (1): metadata.google.internal:80
DEBUG: http://metadata.google.internal:80 "GET /computeMetadata/v1/instance/service-accounts/[email protected]/?recursive=true HTTP/1.1" 200 197
DEBUG: Making request: GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/[email protected]/token
DEBUG: http://metadata.google.internal:80 "GET /computeMetadata/v1/instance/service-accounts/[email protected]/token HTTP/1.1" 200 868
DEBUG: Making request: GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/[email protected]/?recursive=true
DEBUG: Starting new HTTP connection (1): metadata.google.internal:80
DEBUG: http://metadata.google.internal:80 "GET /computeMetadata/v1/instance/service-accounts/[email protected]/?recursive=true HTTP/1.1" 200 197
DEBUG: Making request: GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/[email protected]/token
DEBUG: http://metadata.google.internal:80 "GET /computeMetadata/v1/instance/service-accounts/[email protected]/token HTTP/1.1" 200 868
DEBUG: Starting new HTTPS connection (1): storage.googleapis.com:443
DEBUG: https://storage.googleapis.com:443 "GET /storage/v1/b/luccid-mvp_cloudbuild?alt=json HTTP/1.1" 404 247
DEBUG: Starting new HTTPS connection (1): storage.googleapis.com:443
DEBUG: https://storage.googleapis.com:443 "POST /storage/v1/b?alt=json&project=luccid-mvp HTTP/1.1" 403 204
DEBUG: (gcloud.builds.submit) The user is forbidden from accessing the bucket [luccid-mvp_cloudbuild]. Please check your organization's policy or if the user has the "serviceusage.services.use" permission. Giving the user Owner, Editor, or Viewer roles may also fix this issue. Alternatively, use the --no-source option and access your source code via a different method.
Traceback (most recent call last):
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/googlecloudsdk/api_lib/storage/storage_api.py", line 385, in CreateBucketIfNotExists
    self.client.buckets.Get(self.messages.StorageBucketsGetRequest(
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/googlecloudsdk/generated_clients/apis/storage/v1/storage_v1_client.py", line 265, in Get
    return self._RunMethod(
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 737, in _RunMethod
    return self.ProcessHttpResponse(method_config, http_response, request)
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 743, in ProcessHttpResponse
    self.__ProcessHttpResponse(method_config, http_response, request))
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 609, in __ProcessHttpResponse
    raise exceptions.HttpError.FromResponse(
apitools.base.py.exceptions.HttpNotFoundError: HttpError accessing <https://storage.googleapis.com/storage/v1/b/luccid-mvp_cloudbuild?alt=json>: response: <{'x-guploader-uploadid': 'ADPycdt-BQs9J9DAHGi1qmVafWijPiwTiVUi8Fgv19rVqzirU84bp8gxJcXYerjzgDlXNFnKZclrA7fD2aYCxDIyI7Tyj5TvJjoQ', 'content-type': 'application/json; charset=UTF-8', 'date': 'Fri, 02 Jun 2023 16:43:59 GMT', 'vary': 'Origin, X-Origin', 'cache-control': 'no-cache, no-store, max-age=0, must-revalidate', 'expires': 'Mon, 01 Jan 1990 00:00:00 GMT', 'pragma': 'no-cache', 'content-length': '247', 'server': 'UploadServer', 'status': 404}>, content <{
  "error": {
    "code": 404,
    "message": "The specified bucket does not exist.",
    "errors": [
      {
        "message": "The specified bucket does not exist.",
        "domain": "global",
        "reason": "notFound"
      }
    ]
  }
}
>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/googlecloudsdk/command_lib/builds/submit_util.py", line 337, in SetSource
    gcs_client.CreateBucketIfNotExists(
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/googlecloudsdk/api_lib/storage/storage_api.py", line 402, in CreateBucketIfNotExists
    self.client.buckets.Insert(storage_buckets_insert_request)
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/googlecloudsdk/generated_clients/apis/storage/v1/storage_v1_client.py", line 317, in Insert
    return self._RunMethod(
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 737, in _RunMethod
    return self.ProcessHttpResponse(method_config, http_response, request)
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 743, in ProcessHttpResponse
    self.__ProcessHttpResponse(method_config, http_response, request))
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 609, in __ProcessHttpResponse
    raise exceptions.HttpError.FromResponse(
apitools.base.py.exceptions.HttpForbiddenError: HttpError accessing <https://storage.googleapis.com/storage/v1/b?alt=json&project=luccid-mvp>: response: <{'x-guploader-uploadid': 'ADPycdsZh9Ln6GomokSkaQQAUuXUiyViOsa1_UIVpudUC6-n1Io5BJwHXnLwU6OiCoYt5Enn-fBGMrdIclXD3kfn4fYbvTSjhcKV', 'content-type': 'application/json; charset=UTF-8', 'date': 'Fri, 02 Jun 2023 16:43:59 GMT', 'vary': 'Origin, X-Origin', 'cache-control': 'no-cache, no-store, max-age=0, must-revalidate', 'expires': 'Mon, 01 Jan 1990 00:00:00 GMT', 'pragma': 'no-cache', 'content-length': '204', 'server': 'UploadServer', 'status': 403}>, content <{
  "error": {
    "code": 403,
    "message": "Access denied.",
    "errors": [
      {
        "message": "Access denied.",
        "domain": "global",
        "reason": "forbidden"
      }
    ]
  }
}
>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 987, in Execute
    resources = calliope_command.Run(cli=self, args=args)
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run
    resources = command_instance.Run(args)
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/surface/builds/submit.py", line 203, in Run
    build_config = submit_util.SetSource(
  File "/home/pascal_gula_luccid_ai/.cache/cloud-code/installer/google-cloud-sdk/lib/googlecloudsdk/command_lib/builds/submit_util.py", line 348, in SetSource
    raise BucketForbiddenError(
googlecloudsdk.command_lib.builds.submit_util.BucketForbiddenError: The user is forbidden from accessing the bucket [luccid-mvp_cloudbuild]. Please check your organization's policy or if the user has the "serviceusage.services.use" permission. Giving the user Owner, Editor, or Viewer roles may also fix this issue. Alternatively, use the --no-source option and access your source code via a different method.
ERROR: (gcloud.builds.submit) The user is forbidden from accessing the bucket [luccid-mvp_cloudbuild]. Please check your organization's policy or if the user has the "serviceusage.services.use" permission. Giving the user Owner, Editor, or Viewer roles may also fix this issue. Alternatively, use the --no-source option and access your source code via a different method.
make: *** [Makefile:39: run_gcr_build] Error 1

I added the Service Usage xxx role to the associated [email protected] SA. I also tried adding the Owner role, without success...

Not sure how long it takes for an added role to take effect, but 30 minutes wasn't enough.

I also added Owner to the 2 SAs associated with Cloud Build, without success.

google-cloud-platform build gcloud google-iam google-cloud-iam
3 answers

1 vote

Since ContainerRegistry is being deprecated, I decided to move to ArtifactRegistry, which worked without any problem; example below:

# Artifact Registry push target; APP_NAME and VERSION are assumed to be set elsewhere in the Makefile
LOCATION=europe-west3
PROJECT_ID := $(shell gcloud config get-value project)
REPOSITORY=gcf-artifacts
IMAGE_NAME=${APP_NAME}
GAR_TAG := ${LOCATION}-docker.pkg.dev/${PROJECT_ID}/${REPOSITORY}/${IMAGE_NAME}

# recipe lines must be indented with a tab, not spaces
run_gar_push:
	echo "${GAR_TAG}"
	# register the docker credential helper for the regional Artifact Registry host
	gcloud auth configure-docker ${LOCATION}-docker.pkg.dev
	docker tag ${IMAGE_NAME} ${GAR_TAG}:${VERSION}
	docker push ${GAR_TAG}:${VERSION}

0 votes

Check the following:

  1. gcloud auth list

    It should show the account that has the required access.

  2. gcloud config list

    Check the project and the surrounding details.

  3. Check bucket access by running

    gsutil ls gs://<bucket name>

  4. If you run gcloud commands from a GCP VM and no account is activated in the CLI, it uses the service account attached to the GCP VM, so make sure the required permissions are granted to that account.

  5. If the project is protected by a VPC SC perimeter, update the perimeter by editing the ingress rule to allow the cloudbuild account.
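As an added diagnostic that is not part of the question or any answer, the Python below codifies items 1 and 4 of the checklist for the VM case: it reads the attached service account and its access scopes from the metadata server (the same ?recursive=true endpoint the debug log shows gcloud calling) and compares the SA's project IAM roles against an assumed minimal role set; the required roles, the sample account name and the sample policy are assumptions constructed for the example. The scope check is the caveat worth knowing: a VM created with the default access scopes only gets read-only Storage access, so adding Owner, as the question's author did, does not by itself let the token create the _cloudbuild bucket.

```python
"""Why a GCE-hosted `gcloud builds submit` gets 403 on <project>_cloudbuild:
the VM token's access scopes and the attached SA's IAM roles, checked offline."""
import json
import urllib.request

METADATA_URL = ("http://metadata.google.internal/computeMetadata/v1/"
                "instance/service-accounts/default/?recursive=true")
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"
STORAGE_WRITE = {"https://www.googleapis.com/auth/devstorage.full_control",
                 "https://www.googleapis.com/auth/devstorage.read_write"}
# Assumed least-privilege role set for submitting a build from source.
REQUIRED_ROLES = {"roles/cloudbuild.builds.editor", "roles/storage.admin",
                  "roles/serviceusage.serviceUsageConsumer"}

def scope_allows_bucket_create(scopes):
    # Scopes are checked before IAM: devstorage.read_only alone cannot create a bucket.
    granted = set(scopes)
    return CLOUD_PLATFORM in granted or bool(granted & STORAGE_WRITE)

def missing_roles(policy, member):
    """policy: parsed `gcloud projects get-iam-policy PROJECT --format=json`."""
    roles = {b["role"] for b in policy.get("bindings", [])
             if member in b.get("members", [])}
    if roles & {"roles/owner", "roles/editor"}:  # broad roles cover the set
        return set()
    return REQUIRED_ROLES - roles

def diagnose(metadata, policy):
    """Return findings for the attached SA; empty when nothing obvious is wrong."""
    member = "serviceAccount:" + metadata["email"]
    findings = []
    if not scope_allows_bucket_create(metadata.get("scopes", [])):
        findings.append("vm-access-scope")
    if missing_roles(policy, member):
        findings.append("iam-roles")
    return findings

def fetch_metadata():
    """Live variant: read the attached SA and its scopes from the metadata server."""
    req = urllib.request.Request(METADATA_URL, headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return json.load(resp)

# Constructed sample: default VM scopes plus a policy granting the SA Owner,
# which is what the question's author tried without success.
SAMPLE_SA = "builder@example-project.iam.gserviceaccount.com"
SAMPLE_METADATA = {"email": SAMPLE_SA, "scopes": [
    "https://www.googleapis.com/auth/devstorage.read_only"]}
SAMPLE_POLICY = {"bindings": [{"role": "roles/owner",
                               "members": ["serviceAccount:" + SAMPLE_SA]}]}
```

On the VM, pass `fetch_metadata()` and the parsed output of `gcloud projects get-iam-policy PROJECT --format=json` to `diagnose`; a "vm-access-scope" finding means the instance must be recreated or stopped and given a broader scope, no IAM change will fix it.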


0 votes

Activate billing on your account
