This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Using GCP credentials in jenkins for docker build step

Posted 4 weeks ago
maneesh299
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

 

Hi All,

We are running Jenkins as a workload deployed using helm chart within google cloud environment and have setup workload identity to access Google Cloud APIs in Cloud. The service account say is service-account-project.iam.gserviceaccount.com.

Now we have a step in the jenkins as below

withCredentials([file(credentialsId: 'credentials-jenkins-001_service-account-project', variable: 'GOOGLE_APPLICATION_CREDENTIALS')]) { sh(""" gcloud auth configure-docker europe-docker.pkg.dev docker build -t ${imageTag} --secret id=adc,src=$GOOGLE_APPLICATION_CREDENTIALS . """)

 

and the credential credentials-jenkins-001_service-account-project in jenkins is pointed to the downloaded json key of the service account. The credentials i can see in manage jenkins—>manage credentials section.

So can someone help me in setting this authentication without the need of the downloaded json key(credentials-jenkins-001_service-account-project)? We have already setup workload identity to access the gcp apis and the jenkins is already running in Google cloud with in a GKE cluster. Please help how we can achieve this?

 

 

 

0 4 230
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
timogoosen
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Are you trying to authenticate to Artifact Registry from jenkins in order to pull and push docker images?

0 Likes

Posted on --/--/---- --:-- AM
maneesh299
Bronze 1
Bronze 1
In response to timogoosen
Reply posted on --/--/---- --:-- AM

yes trying to authenticate to Artifact Registry to pull images.

basically trying to poetry install from artifact registry(private repository) for python packages

should i use the in build service account variable - /var/run/secrets/kubernetes.io/serviceaccount/token

as somehow if no secret is passed like 'docker build -t ${imageTag} .'getting the below error

"Failed to find credentials, Please run: `gcloud auth application-default login or export GOOGLE_APPLICATION_CREDENTIALS=<path/to/service/account/key>`"

0 Likes

Posted on --/--/---- --:-- AM
timogoosen
Bronze 5
Bronze 5
In response to maneesh299
Reply posted on --/--/---- --:-- AM

Download the service account private key file. Then take the text from that file and save it as an environment variable value. So key will be something like ARTIFACT_REGISTRY_KEY and value will be the contents of the service account file that you downloaded.

0 Likes

Posted on --/--/---- --:-- AM
timogoosen
Bronze 5
Bronze 5
In response to maneesh299
Reply posted on --/--/---- --:-- AM

Try everything locally before you do it in jenkins.
See that you can push if you use the contents of that service account file in an environment variable.
Let me know if you get it working else I can try find my old notes.

0 Likes
Top Labels in this Space