I am having some issues with setting up private image pulls from a GCP Registry. I am attempting to use a Service Account in GCP to set this up. Essentially, I have performed the following steps:
- Created a json key file with the correct permissions in my GCP project that houses my container images.
- Downloaded my key file and ran the following command against the key file:
cat account.json | docker login -u _json_key --password-stdin https://gcr.io
- Confirmed that once the docker login succeeded that I could pull images from that registry
At this point I logged into Drone and added a secret named
dockerconfig with the contents of my
/.docker/config.json from the previous steps. I then setup a pipeline that looks something like this:
#---------------# # Pipeline One # #---------------# kind: pipeline type: docker name: pipeline-1 environment: SOME_VARIABLES: blah steps: ... - name: Step-that-matters image: gcr.io/<my-project>/<my-image> ... image_pull_secrets: - dockerconfig trigger: event: - pull_request #END OF PIPELINE ONE --- # START OF SECOND PIPELINE #---------------# # Pipeline two # #---------------# kind: pipeline type: docker name: pipeline-2 ... trigger: branch: - master event: - push
However, every time this pipeline reaches the step where it needs to download the private image I receive the following error:
<pipeline-name>: Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
I have triple checked my permissions at this point although this was confirmed in Step 3 from above. Is there something else I am missing or some formatting issue I have?
Let me know if you need any additional info and thank you!!