skip to Main Content

In Ubuntu-22, google-cloud has been installed through snap store;

> whereis gcloud
gcloud: /snap/bin/gcloud
> snap list | grep google
google-cloud-sdk           432.0.0                     346    latest/stable    google-cloud-sdk**  classic

Docker has been installed via snap too;

> snap list | grep docker
docker                     20.10.24                    2893   latest/stable    canonical**

And I have authenticated my account to a private GCR as below;

> gcloud auth login
Your browser has been opened to visit:

    https://accounts.google.com/o/oauth2/auth?...<long_url>


You are now logged in as [<[email protected]>].
Your current project is [<desired_project_name>].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID

Double-checked the login process;

> gcloud auth list
           Credentialed Accounts
ACTIVE             ACCOUNT
*                  <[email protected]>

To set the active account, run:
    $ gcloud config set account `ACCOUNT`

But, when I try to pull or push any image, I hit the following issue;

unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

I am able to access to the image which I try to pull from the private GCR in my browser, this makes me think that it is an issue related to creds while performing docker pull in my terminal.

PS: This did not work for me Unable to push to Google Container Registry – Permission issue

What am I missing here?

EDIT:
As it is asked in the comments, I need to mention that I have performed one more step before auth login which is gcloud auth configure-docker;

> gcloud auth configure-docker
Adding credentials for all GCR repositories.
WARNING: A long list of credential helpers may cause delays running 'docker build'. We recommend passing the registry name to configure only the registry you are using.
After update, the following will be written to your Docker config file located at 
[/home/<user>/.docker/config.json]:
 {
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    ...
  }
}

Do you want to continue (Y/n)?  

Docker configuration file updated.

2

Answers


  1. Chosen as BEST ANSWER

    Removing snap installation and installing docker with apt has fixed my issue.

    The difference I have observed between two installations;

    • With snap, once gcloud auth login directs me to browser, authentication was completed by choosing google account only (Please see the 3rd code block in my question, no authorization code was asked).
    • With apt, after choosing the desired google account, I was directed to another page where the authorization code was provided which needed to be entered in the terminal;
    > gcloud auth login
    Your browser has been opened to visit:
    
        https://accounts.google.com/o/oauth2/auth?...<long_url>
    
    Enter authorization code: <Code_from_browser>  // This is the difference!!
    
    You are now logged in as [<[email protected]>].
    Your current project is [<desired_project_name>].  You can change this setting by running:
      $ gcloud config set project PROJECT_ID
    

    Thank you @JohnHanley pointed out that docker recommends apt installation.


  2. Posting this as a community wiki for everyone’s visibility.

    The permission issue with the docker was resolve by re-installing the docker with APT package manager. As said by John Hanley, the issue appears to be a bug with how the Docker was installed via snap. Using APT to install Docker is recommended by Docker themselves.

    Its also important to note that you should always remove/uninstall previous installations. According to this post, its also recommended to use either snap or apt all the way, as they can’t co-exist.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search