IBM Cloud 代码引擎:构建在步骤 "step-build-and-push" 中失败,出现错误 UNAUTHORIZED
IBM Cloud Code Engine: Build fails in step "step-build-and-push" with error UNAUTHORIZED
我有一个现有的 IBM Cloud Code Engine 项目,该项目之前正在运行。我提交了一个新的 buildrun,但它失败了。根据错误消息,这是由于私有映像注册表 (IBM Cloud Container Registry) 的权限所致。 IAM API 密钥有效并且正在用于其他任务。没有配额问题。
ibmcloud ce buildrun submit --build mybuild
检查它显示的状态失败。查看日志,这些是问题行:
myproject-build-run-n9xm6-xxx-pod-yyy/step-build-and-push: error
checking push permissions -- make sure you entered the correct tag
name, and that you are authenticated correctly, and try again:
checking push permission for "us.icr.io/henrik/myproject:latest":
creating push check transport for us.icr.io failed: GET
https://us.icr.io/oauth/token?scope=repository%3Ahenrik%myproject%3Apush%2Cpull&service=registry:
UNAUTHORIZED: The login credentials are not valid, or your IBM Cloud
account is not active.; The login credentials are not valid, or your
IBM Cloud account is not active.
无论我使用 CLI 还是浏览器控制台,错误都是一样的。
原来我启用了enforced private endpoint access for the container registry, a security best practice. However, with that I needed the right credentials in Code Engine to access the container registry。使用 IBM Cloud Container Registry,在代码引擎中我需要
- 为注册表服务器 private.
.icr.io 创建注册表凭据,例如 private.us.icr.io ,
- 将图像名称也设置为具有专用端点,例如 private.us.icr.io/henrik/myproject.
凭据和图像名称都具有匹配的服务器名称,我成功了,错误消失了。
我有一个现有的 IBM Cloud Code Engine 项目,该项目之前正在运行。我提交了一个新的 buildrun,但它失败了。根据错误消息,这是由于私有映像注册表 (IBM Cloud Container Registry) 的权限所致。 IAM API 密钥有效并且正在用于其他任务。没有配额问题。
ibmcloud ce buildrun submit --build mybuild
检查它显示的状态失败。查看日志,这些是问题行:
myproject-build-run-n9xm6-xxx-pod-yyy/step-build-and-push: error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "us.icr.io/henrik/myproject:latest": creating push check transport for us.icr.io failed: GET https://us.icr.io/oauth/token?scope=repository%3Ahenrik%myproject%3Apush%2Cpull&service=registry: UNAUTHORIZED: The login credentials are not valid, or your IBM Cloud account is not active.; The login credentials are not valid, or your IBM Cloud account is not active.
无论我使用 CLI 还是浏览器控制台,错误都是一样的。
原来我启用了enforced private endpoint access for the container registry, a security best practice. However, with that I needed the right credentials in Code Engine to access the container registry。使用 IBM Cloud Container Registry,在代码引擎中我需要
- 为注册表服务器 private.
.icr.io 创建注册表凭据,例如 private.us.icr.io , - 将图像名称也设置为具有专用端点,例如 private.us.icr.io/henrik/myproject.
凭据和图像名称都具有匹配的服务器名称,我成功了,错误消失了。