Easiest way to install Docker in Ubuntu is to use snap. But then when you try to pull/push any images from Google Cloud Platform (GCP) recommended way of authorisation does not work:
jhartman@docker-mtx:~$ gcloud config configurations list
NAME IS_ACTIVE ACCOUNT PROJECT COMPUTE_DEFAULT_ZONE COMPUTE_DEFAULT_REGION
cloudlab2-gke True jarek.hartman cloudlab2 europe-west3-a europe-west3
jhartman@docker-mtx:~$ gcloud auth configure-docker europe-west3-docker.pkg.dev
WARNING: Your config file at [/home/jhartman/.docker/config.json] contains these credential helper entries:
{
"credHelpers": {
"europe-west3-docker.pkg.dev": "gcloud"
}
}
Here problems start:
jhartman@docker-mtx:~$ docker pull europe-west3-docker.pkg.dev/image:tag
Error response from daemon: Head "https://europe-west3-docker.pkg.dev/v2/...": denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/..." (or it may not exist)
At same time, access through gcloud
was perfectly fine.
Solution
The problem in Ubuntu is caused by the fact that Docker (containerd) config is not in ~/.docker/config.json
but in ~/snap/docker/current/.docker/config.json
hence updates done by gcloud
during authorisation were pointless…
Workaround would be:
jhartman@docker-mtx:~$ gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin europe-west3-docker.pkg.dev
WARNING! Your password will be stored unencrypted in /home/jhartman/snap/docker/1690/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
And then pull/push working like a charm:
jhartman@docker-mtx:~$ docker pull europe-west3-docker.pkg.dev/image:tag
5231: Pulling from europe-west3-docker.pkg.dev/image:tag
3a4f63a9dc19: Pull complete
1cd88f0a187e: Pull complete
33caad1a25ea: Pull complete
bfb8d2741ff0: Pull complete
2df8449effdc: Pull complete
8a4655bb8125: Pull complete
dc98993f639a: Pull complete
a08d68e75306: Pull complete
3d670ad44e40: Pull complete
91166be76bdb: Pull complete
d4a24c5dd40b: Pull complete
575366bf6fbf: Pull complete
bd8e088245b3: Pull complete
6bc8a88dc370: Pull complete
bcf90c1eb11d: Pull complete
d51ef5ba66eb: Pull complete
89c850dd2670: Pull complete
3d7de77cc147: Pull complete
8a2cc59b59e7: Pull complete
b32d2ad7cedb: Pull complete
bb06b45c3cb6: Pull complete
Digest: sha256:c936ba84a630e20a8e0d9866b7841deebdeb76923881a783111bd661a9a4fa26
Status: Downloaded newer image for europe-west3-docker.pkg.dev/image:tag
How to fix Permission “artifactregistry.repositories.downloadArtifacts” denied on resource on Ubuntu when pulling from Google Artifact repository
Thanks It has worked now after wasting two days on it.