I have been using container registry from a very long time but now it will deprecate from next year, I am going to use google artifactory registry. So here are my some queries:
1. I have created new repository in artifact registry and format is docker but when I push my image using Jenkins, it is created with name for repo as us.gcr.io. The complete path is
us-docker.pkg.dev/ProjectID/us.gcr.io/image:version
And that us.gcr.io is not a hostname as in ContainerRegistry but now is a folder inside the Project ID and the docker image inside the folder whichi s described as docker, unlike container registry has us.gcr.io as hostname.
2. After I pushed a image to artifactory registry, via Jenkins deployment but there is an error with : DENIED: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/PROJECTNAME/locations/LOCATION/repositories/REPONAME" (or it may not exist)
ERROR: Build step failed with exception com.github.dockerjava.api.exception.DockerClientException: Could not push image: denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource
I have already given permission to Jenkins Service account the role for Artifact Registry Writer.
Do I need to add any other role for Artifact Registry etc( Administrator or roles/artifactregistry.serviceAgent ) etc
Please help me with any solution.
Hello @maheshdo,
Welcome to the Google Cloud Community!
To answer your queries:
gcloud auth configure-docker us-central1-docker.pkg.dev
Also, take a look at this Stack Overflow post as you might have the same problem. Let me know if it helped, thanks!
Thank you for the details. Yes I have completed the authentication successfully. Even I'm able to pull the image from AR.
When I try to push image from Jenkins , in Jenkins I have added all the correct path and the registry path.
I have added a service account ( Dev-Jenkins ) and have the Role assigned Artifact-Registry-Administrator. The role I see has reference permissions as artifactregistry.repositories.uploadArtifacts.
Does Artifact Registry Create on Push role also required with the Artifact-Writer-Role?
Hi, I had the same issue with drone, this thread helped me out.
https://www.googlecloudcommunity.com/gc/Developer-Tools/Permission-quot-artifactregistry-repositorie...