Unable to pull images from Artifact Registry when deploying to Cloud Run


Introduction

I am using Cloud Build for learning how to build Docker images, storing them in Artifact Registry and then deploying the final product to Cloud Run. Please see the cloudbuild.yaml below:

steps:
  # Build the container image
  - name: 'gcr.io/cloud-builders/docker'
    args: ['build', '.', '-t', '[REGION]-docker.pkg.dev/[projectId]/[repository]/[image]:latest']

  # Push to Artifact Registry
  - name: 'gcr.io/cloud-builders/docker'
    args: ['push', '[REGION]-docker.pkg.dev/[projectId]/[repository]/[image]:latest']

  # List Docker images (for debugging)
  - name: 'gcr.io/cloud-builders/docker'
    args: ['images']

  # Log in to Artifact Registry
  - name: 'gcr.io/cloud-builders/docker'
    args: ['login', '[REGION]-docker.pkg.dev/[projectId]/[repository]/[image]:latest']

  # Deploy to Cloud Run
  - name: 'gcloud'
    args:
      - 'run'
      - 'deploy'
      - 'REPLACE_WITH_SERVICE_NAME'
      - '--image'
      - '[REGION]-docker.pkg.dev/[projectId]/[repository]/[image]:latest'
      - '--region'
      - 'REPLACE_WITH_REGION'
      - '--platform'
      - 'managed'
      - '--allow-unauthenticated'

All the steps are marked as successful in Cloud Build, but when it reaches the deployment to Cloud Run step it shows this error message:

Error response from daemon: pull access denied for gcloud, repository does not exist or may require docker login:denied:requested access to the resource is denied

I have been reading through the documentation and I made sure that the following requirements are met:

  1. I followed this Artifact Registry documentation for setting this up
  2. The repository and image exist in Artifact Registry
  3. Cloud Build service account has the necessary permissions to manage Artifact Registry resources:
    • roles/artifactregistry.reader
    • roles/artifactregistry.writer

Questions:

  • Am I missing any step in my cloudbuild.yaml?
  • Why can I push images to Artifact Registry, but not pull them for deployment?

There is 1 answer

Roopa M (best answer)

The issue you are facing is attributable to an incorrect build configuration (cloudbuild.yaml).

In the build configuration you have a step with the name "gcloud". The name of the step is not an arbitrary string; it needs to refer to an existing Docker image. If the image is not prefixed with a domain, it is looked up on Docker Hub.

Check this documentation on using Cloud Build to understand what the name parameter of the step is.

Also check this document for a sample Cloud Run deployment from Cloud Build:

  steps:
  # Build the container image
  - name: 'gcr.io/cloud-builders/docker'
    args: ['build', '-t', 'gcr.io/$PROJECT_ID/SERVICE-NAME:$COMMIT_SHA', '.']
  # Push the container image to Container Registry
  - name: 'gcr.io/cloud-builders/docker'
    args: ['push', 'gcr.io/$PROJECT_ID/SERVICE-NAME:$COMMIT_SHA']
  # Deploy container image to Cloud Run
  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
    args:
    - 'run'
    - 'deploy'
    - 'SERVICE-NAME'
    - '--image'
    - 'gcr.io/$PROJECT_ID/SERVICE-NAME:$COMMIT_SHA'
    - '--region'
    - 'REGION'
  images:
  - 'gcr.io/$PROJECT_ID/SERVICE-NAME:$COMMIT_SHA'
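
A pre-commit style check for the mistake described in the answer, added here as an example (it is not code from the question, the answer, or Google): it scans a cloudbuild.yaml for build steps whose `name` has no registry host and would therefore be pulled from Docker Hub. The sample config is constructed from the question's steps, the function names are hypothetical, and the host test is a simplified form of Docker's image-name rule.

```python
import re

# Matches "- name: 'image'" and captures the indentation and the image reference.
STEP_NAME = re.compile(r"^(\s*)-\s+name:\s*['\"]?([^'\"\s#]+)")

# Constructed sample, trimmed from the question's configuration.
SAMPLE = """\
steps:
  - name: 'gcr.io/cloud-builders/docker'
    args: ['images']
  - name: 'gcloud'
    args: ['run', 'deploy']
  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
"""


def resolve_registry(image):
    """Return the registry host Docker would pull `image` from."""
    first, sep, _ = image.partition("/")
    # Simplified Docker rule: the first path component is a registry host only
    # if it contains "." or ":" or is "localhost"; otherwise Docker Hub is used.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def unqualified_steps(config_text):
    """List (line_no, image) for build steps whose image resolves to Docker Hub."""
    findings, step_indent = [], None
    for no, line in enumerate(config_text.splitlines(), 1):
        m = STEP_NAME.match(line)
        if not m:
            continue
        indent, image = len(m.group(1)), m.group(2)
        if step_indent is None:
            step_indent = indent  # the first "- name:" is a build step
        if indent != step_indent:
            continue  # deeper "- name:" entries (e.g. volumes) are not images
        if resolve_registry(image) == "docker.io":
            findings.append((no, image))
    return findings


if __name__ == "__main__":
    for line_no, image in unqualified_steps(SAMPLE):
        print(f"line {line_no}: step image '{image}' resolves to Docker Hub")
```

A flagged step is worth fixing even when the pull happens to succeed, because the build would then run whatever image Docker Hub serves under that name with the build's credentials.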