early-lunch-37616
11/30/2022, 6:48 PMrapid-eye-50641
11/30/2022, 10:12 PMearly-lunch-37616
11/30/2022, 10:13 PMnerdctl login
and then gcloud auth configure-docker <http://us-central1-docker.pkg.dev|us-central1-docker.pkg.dev>
rapid-eye-50641
11/30/2022, 10:16 PMpull
command?early-lunch-37616
11/30/2022, 10:17 PMnerdctl image pull <http://us-central1-docker.pkg.dev/[my-docker-image]|us-central1-docker.pkg.dev/[my-docker-image]> --debug
DEBU[0000] verification process skipped
DEBU[0000] Ignoring hosts dir "/etc/containerd/certs.d" error="stat /etc/containerd/certs.d: no such file or directory"
DEBU[0000] Ignoring hosts dir "/etc/docker/certs.d" error="stat /etc/docker/certs.d: no such file or directory"
DEBU[0000] The image will be unpacked for platform {"arm64" "linux" "" [] "v8"}, snapshotter "overlayfs".
DEBU[0000] fetching image="us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10"
DEBU[0000] resolving host=us-central1-docker.pkg.dev
DEBU[0000] do request host=us-central1-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, */*" request.header.user-agent=containerd/1.6.0+unknown request.method=HEAD url="<https://us-central1-docker.pkg.dev/v2/activated-manage/ai/eve/manifests/base-v10>"
us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10: resolving |--------------------------------------|
elapsed: 0.1 s total: 0.0 B (0.0 B/s)
DEBU[0000] fetch response received host=us-central1-docker.pkg.dev response.header.content-length=102 response.header.content-type=application/json response.header.date="Wed, 30 Nov 2022 22:20:43 GMT" response.header.docker-distribution-api-version=registry/2.0 response.header.www-authenticate="Bearer realm=\"<https://us-central1-docker.pkg.dev/v2/token>\",service=\"us-central1-docker.pkg.dev\",scope=\"repository:activated-manage/ai/eve:pull\"" response.header.x-content-type-options=nosniff response.header.x-frame-options=SAMEORIGIN response.header.x-xss-protection=0 response.status="401 Unauthorized" url="<https://us-central1-docker.pkg.dev/v2/activated-manage/ai/eve/manifests/base-v10>"
DEBU[0000] Unauthorized header="Bearer realm=\"<https://us-central1-docker.pkg.dev/v2/token>\",service=\"us-central1-docker.pkg.dev\",scope=\"repository:activated-manage/ai/eve:pull\"" host=us-central1-docker.pkg.dev
DEBU[0000] do request host=us-central1-docker.pkg.dev request.header.accept="application/vnd.docker.distribution.manifest.v2+json, application/vnus-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10: resolving |--------------------------------------|
elapsed: 0.2 s total: 0.0 B (0.0 B/s)
INFO[0000] trying next host error="failed to authorize: failed to fetch anonymous token: unexpected status from GET request to <https://us-central1-docker.pkg.dev/v2/token?scope=repository%3Aactivated-manage%2Fai%2Feve%3Apull&service=us-central1-docker.pkg.dev>: 403 Forbidden" host=us-central1-docker.pkg.dev
FATA[0000] failed to resolve reference "us-central1-docker.pkg.dev/activated-manage/ai/eve:base-v10": failed to authorize: failed to fetch anonymous token: unexpected status from GET request to <https://us-central1-docker.pkg.dev/v2/token?scope=repository%3Aactivated-manage%2Fai%2Feve%3Apull&service=us-central1-docker.pkg.dev>: 403 Forbidden
rapid-eye-50641
11/30/2022, 10:24 PM~/.docker/config.json
to use credential helpers then there's no need to explicitly login using docker login
or nerdctl login
.. You can directly execute commands such as push
that need authentication .. and the CLI in the background makes use of the credential helpers to get the login token and perform the operations..~/.docker/config.json
could look something like..
{
"credsStore": "wincred",
"credHelpers": {
"us-central1-docker.pkg.dev": "gcloud"
}
}
... and you can then authenticate with GCP using below commands before running any docker
or nerdctl
commands that need authentication..
gcloud auth login
gcloud auth activate-service-account <your-service-account-id>@<your-organization>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> --key-file=your-key-file.json
early-lunch-37616
11/30/2022, 10:32 PM{
"auths": {
"<https://index.docker.io/v1/>": {}
},
"credsStore": "desktop",
"credHelpers": {
"us-central1-docker.pkg.dev": "gcloud"
}
}
rapid-eye-50641
11/30/2022, 10:44 PMearly-lunch-37616
11/30/2022, 10:46 PMrapid-eye-50641
12/01/2022, 7:11 PM