英文:
Not able to deploy cloud function - ensure registry read/write access to us.gcr.io
问题
I am trying to deploy a simple cloud function (gen1) in my project. I have owner permission for the project.
however, while deploying I am getting following error.
"build": ERROR: failed to initialize analyzer: validating registry write access: ensure registry read/write access to us.gcr.io/project_xxx/gcf/northamerica-northeast1/3c5aeef8-dfbd-43de-9873-16a1b68e54ed/cache:4f2ca2a4-acef-42e1-94e2-3123fcd93c70"
I also provided Artifact Registry Administrator role to the service account tied to cloud function. however, I am still getting above error.
Update 1:
I gave Artifact Registry Administrator permission for cloudbuild.gserviceaccount.com service account as well. However, same error.
Update 2
Just to isolate the problem, I gave owner permission to both the service accounts. cloud function and cloud build service account and I am still getting this issue.
I checked the path as well for artifactory and it's empty. us.gcr.io/project-xxx/gcf/northamerica-northeast1/f4d0d3b2-6ed4-4e04-aab1-708b19e26d9c/cache:39767ec4-9f7d-4992-82c8-ae8d9658b909
I also, deleted the entire function and created new one with same service account and still getting issue.
Update 3:
I checked the cloudbuild settings and seems like it has all the access required.
英文:
I am trying to deploy a simple cloud function (gen1) in my project. I have owner permission for the project.
however, while deploying I am getting following error.
"build": ERROR: failed to initialize analyzer: validating registry write access: ensure registry read/write access to us.gcr.io/project_xxx/gcf/northamerica-northeast1/3c5aeef8-dfbd-43de-9873-16a1b68e54ed/cache:4f2ca2a4-acef-42e1-94e2-3123fcd93c70"
I also provided Artifact Registry Administrator role to the service account tied to cloud function. however, I am still getting above error.
Update 1:
I gave Artifact Registry Administrator permission for cloudbuild.gserviceaccount.com service account as well. However, same error.
Update 2
Just to isolate the problem, I gave owner permission to both the service accounts. cloud function and cloud build service account and I am still getting this issue.
I checked the path as well for artifactory and it's empty.
us.gcr.io/project-xxx/gcf/northamerica-northeast1/f4d0d3b2-6ed4-4e04-aab1-708b19e26d9c/cache:39767ec4-9f7d-4992-82c8-ae8d9658b909
I also, deleted the entire function and created new one with same service account and still getting issue.
Update 3:
I checked the cloudbuild settings and seems like it has all the access required.
答案1
得分: 1
你正在设置Artifact Registry权限,但默认情况下,gcr.io网址由Container Registry处理。如果您想要在Artifact Registry中使用gcr.io网址,您可以运行(需要roles/storage.admin):
gcloud beta artifacts settings enable-upgrade-redirection --project=PROJECT_ID
(更多详细信息请参阅https://cloud.google.com/artifact-registry/docs/transition/setup-gcr-repo)
如果您想使用Container Registry(不推荐),您应该使用以下权限:https://cloud.google.com/container-registry/docs/access-control
英文:
You are setting Artifact Registry permissions, but by default, gcr.io urls are handled by Container Registry. If you want to use gcr.io urls with Artifact Registry, you can run (needs roles/storage.admin):
gcloud beta artifacts settings enable-upgrade-redirection --project=PROJECT_ID
(See https://cloud.google.com/artifact-registry/docs/transition/setup-gcr-repo for more detailed info)
If you want to use Container Registry (not recommended), you should use these permissions: https://cloud.google.com/container-registry/docs/access-control
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论