无法在dockerfile

时间:2016-05-25 05:11:43

标签: docker dockerfile gcloud google-kubernetes-engine gcloud-node

我已经制作了一个Dockerfile,用于将我的node.js应用程序部署到谷歌容器引擎中。它看起来如下所示

FROM node:0.12
COPY google-cloud-sdk /google-cloud-sdk
RUN /google-cloud-sdk/bin/gcloud init
COPY bpe /bpe
CMD cd /bpe;npm start

我应该在Dockerfile中使用gcloud init,因为我的node.js应用程序正在使用gcloud-node模块在GCS中创建存储桶。 当我使用上面的dockerfile并建立docker时,它失败并出现以下错误

sudo docker build -t gcr.io/[PROJECT_ID]/test-node:v1 .

Sending build context to Docker daemon 489.3 MB
Sending build context to Docker daemon 
Step 0 : FROM node:0.12
 ---> 57ef47f6c658
Step 1 : COPY google-cloud-sdk /google-cloud-sdk
 ---> f102b82812f5
Removing intermediate container 4433b0f3627f
Step 2 : RUN /google-cloud-sdk/bin/gcloud init
 ---> Running in 21aead97cf65
Welcome! This command will take you through the configuration of gcloud.

Your current configuration has been set to: [default]

To continue, you must log in. Would you like to log in (Y/n)?  
Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&prompt=select_account&response_type=code&client_id=32555940559.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute&access_type=offline


ERROR: There was a problem with web authentication.
ERROR: (gcloud.auth.login) invalid_grant
ERROR: (gcloud.init) Failed command: [auth login --force --brief] with exit code [1]

我通过在google-cloud-sdk源代码中对验证密钥进行硬编码来完成它。请让我知道解决此问题的正确方法。

2 个答案:

答案 0 :(得分:13)

gcloud init是一个运行

的包装器命令
gcloud config configurations create MY_CONFIG
gcloud config configurations activate MY_CONFIG
gcloud auth login
gcloud config set project MY_PROJECT

允许用户选择配置,登录(通过浏览器)并选择项目。

对于您的用例,您可能不想使用gcloud init,而是应该从https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=MY_PROJECT下载服务帐户密钥文件,使其在docker容器中可访问并通过

激活它
gcloud auth activate-service-account --key-file my_service_account.json
gcloud config set project MY_PROJECT

答案 1 :(得分:3)

从容器引擎中使用gcs的更好方法是授予群集权限。 例如,如果您使用devstorage.read_only作用域创建了VM,则即使您的服务帐户具有写入存储桶的权限,尝试写入存储桶也会失败。你需要devstorage.full_control或devstorage.read_write。

创建集群时,我们可以使用以下命令

gcloud container clusters create catch-world \
        --num-nodes 1 \
        --machine-type n1-standard-1 \
        --scopes https://www.googleapis.com/auth/devstorage.full_control