Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to Access GCR Private Registry Using Service Account Credentials #1189

Open
cwillhelm-mirantis opened this issue May 18, 2022 · 0 comments · May be fixed by #1199
Open

Unable to Access GCR Private Registry Using Service Account Credentials #1189

cwillhelm-mirantis opened this issue May 18, 2022 · 0 comments · May be fixed by #1199

Comments

@cwillhelm-mirantis
Copy link

What steps did you take and what happened:

I'm trying to get starboard to scan images in a private GCR registry, and I've successfully created the secrets and service account associations with the credentials.

To confirm my credentials work, I used:

cat gcp-starboard-key.json | docker login -u _json_key --password-stdin https://gcr.io/

With gcp-starboard-key.json being GCP service account credentials.

I then created the docker-registry secret in kubernetes using this command:

kubectl create secret docker-registry starboard-gcp-access --namespace default --docker-server=gcr.io --docker-username=_json_key --docker-password="$(cat ~/Downloads/gcp-starboard-key.json)" --docker-email="gcr-starboard-access@project.iam.gserviceaccount.com"

I associated the secret with the service accounts by adding the imagePullSecret: starboard-gcp-access.

In the starboard-operator logs, I see this:

"error":"reading .dockerconfigjson field of \"default/starboard-gcp-access\" secret: expected username and password concatenated with a colon (:)","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.2/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.2/pkg/internal/controller/controller.go:227"}

What did you expect to happen:

Starboard to pull the image and scan for VulnerabilityReport

Anything else you would like to add:

The cluster is running the latest version of GKE Autopilot (1.22.6).

Environment:

  • Starboard Version: {Version:0.14.1 Commit:5672fd4a4d608d9b094802098f3e950ec396ff51 Date:2022-01-25T17:38:43Z}
  • Kubernetes version (use kubectl version): Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:51:05Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"darwin/arm64"} Server Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.6-gke.300", GitCommit:"df413ee6225aa3fc539e18ca3464a48d723bd3ea", GitTreeState:"clean", BuildDate:"2022-01-24T09:29:08Z", GoVersion:"go1.16.12b7", Compiler:"gc", Platform:"linux/amd64"}
  • macOS 10.15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add GCR compatibility nekwar/starboard
1 participant
@cwillhelm-mirantis