4

I have read this question and this one, and created my Kubernetes secret for Google Container Registry using a service account JSON key with project: owner and viewer permissions. I have also verified that the image does in fact exist in Google Container Registry by going to the console.

I have also read this document.

When I run:

minikube dashboard

And then from the user interface, I click the "+" sybmol, specify the URL of my image like this: 

project-123456/bot-image

then click on 'advanced options' and specify the Secret that was imported.

After a few seconds I see this error:

Error: Status 403 trying to pull repository project-123456/bot-image: "Unable to access the repository: project-123456/bot-image; please verify that it exists and you have permission to access it (no valid credential was supplied)."

If I look at what's inside the Secret file (.dockerconfigjson), it's like: {"https://us.gcr.io": {"email": "[email protected]", "auth": "longtexthere"}}

What could be the issue?

Improve this question

1 Answer 1

Reset to default
3

The json needs to have a top level "{auths": json key from:

Creating image pull secret for google container registry that doesn't expire?

So the json should be structured like:

{"auths":{"https://us.gcr.io": {"email": "[email protected]", "auth": "longtexthere"}}}

If you are still having issues, you can alternatively download the latest version of minikube (0.17.1) and run minikube addons configure registry-creds following the prompts there to setup creds then run minikube addons enable registry-creds

Now you should be able to pull down pods from GCR using a yaml structured like this:

apiVersion: v1 kind: Pod metadata: name: foo namespace: default spec: containers: - image: gcr.io/example-vm/helloworld:latest name: foo

EDIT: 6/13/2018 updating the commands to reflect comment by @Rambatino

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

thanks Aaron. I downloaded .17.1, enabled registry-creds with GCR and imported the JSON key. It reported "registry-creds was successfully enabled" but when I try to create a deployment with the GCR image it still fails, and doesn't populate any new Secrets.
Make sure that you didn't get the error: Could not read file for application_default_credentials.json Also can you verify that an ImagePullSecret was created with: kubectl describe serviceaccount Also did you add the gcr prefix to your image? I added an example pod spec that is working to my original answer.
did you end up resolving this issue? if it is easier, you can also post an issue on github: github.com/kubernetes/minikube
The enable registry-creds has been split into two commands: minikube addons configure registry-creds && minikube addons enable registry-creds (github.com/kubernetes/minikube/issues/1391)

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.