无法在dockerfile中执行gcloud init
我已经做了一个Dockerfile用于将我的node.js应用程序部署到Google容器引擎中,如下所示
FROM node:0.12 COPY google-cloud-sdk /google-cloud-sdk RUN /google-cloud-sdk/bin/gcloud init COPY bpe /bpe CMD cd /bpe;npm start 我应该在Dockerfile中使用gcloud init,因为我的node.js应用程序使用gcloud-node模块在GCS中创build存储桶。 当我使用上面的docker文件,并做dockerbuild成它失败,以下错误
sudo docker build -t gcr.io/[PROJECT_ID]/test-node:v1 . Sending build context to Docker daemon 489.3 MB Sending build context to Docker daemon Step 0 : FROM node:0.12 ---> 57ef47f6c658 Step 1 : COPY google-cloud-sdk /google-cloud-sdk ---> f102b82812f5 Removing intermediate container 4433b0f3627f Step 2 : RUN /google-cloud-sdk/bin/gcloud init ---> Running in 21aead97cf65 Welcome! This command will take you through the configuration of gcloud. Your current configuration has been set to: [default] To continue, you must log in. Would you like to log in (Y/n)? Go to the following link in your browser: https://accounts.google.com/o/oauth2/auth?redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&prompt=select_account&response_type=code&client_id=32555940559.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute&access_type=offline ERROR: There was a problem with web authentication. ERROR: (gcloud.auth.login) invalid_grant ERROR: (gcloud.init) Failed command: [auth login --force --brief] with exit code [1]
我通过在google-cloud-sdk源代码中对authentication密钥进行硬编码来完成工作。请让我知道解决此问题的正确方法。
gcloud init是一个运行的包装器命令
gcloud config configurations create MY_CONFIG gcloud config configurations activate MY_CONFIG gcloud auth login gcloud config set project MY_PROJECT
它允许用户selectconfiguration,login(通过浏览器)和select一个项目。
对于您的用例,您可能不想使用gcloud init ,而应从https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=MY_PROJECT下载服务帐户密钥文件,使其可访问docker集装箱内,并通过激活它
gcloud auth activate-service-account --key-file my_service_account.json gcloud config set project MY_PROJECT
从容器引擎使用gcs的更好方法是给予群集许可。 例如,如果您使用devstorage.read_only作用域创build了VM,即使您的服务帐户有权写入存储桶,尝试写入存储桶也会失败。 您需要devstorage.full_control或devstorage.read_write。
在创build集群时我们可以使用下面的命令
gcloud container clusters create catch-world \ --num-nodes 1 \ --machine-type n1-standard-1 \ --scopes https://www.googleapis.com/auth/devstorage.full_control