我已经制作了一个Dockerfile,用于将我的node.js应用程序部署到谷歌容器引擎中。它看起来如下所示
FROM node:0.12
COPY google-cloud-sdk /google-cloud-sdk
RUN /google-cloud-sdk/bin/gcloud init
COPY bpe /bpe
CMD cd /bpe;npm start
我应该在Dockerfile中使用gcloud init,因为我的node.js应用程序正在使用gcloud-node模块在GCS中创建存储桶。 当我使用上面的dockerfile并建立docker时,它失败并出现以下错误
sudo docker build -t gcr.io/[PROJECT_ID]/test-node:v1 .
Sending build context to Docker daemon 489.3 MB
Sending build context to Docker daemon
Step 0 : FROM node:0.12
---> 57ef47f6c658
Step 1 : COPY google-cloud-sdk /google-cloud-sdk
---> f102b82812f5
Removing intermediate container 4433b0f3627f
Step 2 : RUN /google-cloud-sdk/bin/gcloud init
---> Running in 21aead97cf65
Welcome! This command will take you through the configuration of gcloud.
Your current configuration has been set to: [default]
To continue, you must log in. Would you like to log in (Y/n)?
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&prompt=select_account&response_type=code&client_id=32555940559.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute&access_type=offline
ERROR: There was a problem with web authentication.
ERROR: (gcloud.auth.login) invalid_grant
ERROR: (gcloud.init) Failed command: [auth login --force --brief] with exit code [1]
我通过在google-cloud-sdk源代码中对验证密钥进行硬编码来完成它。请让我知道解决此问题的正确方法。
答案 0 :(得分:13)
gcloud init
是一个运行
gcloud config configurations create MY_CONFIG
gcloud config configurations activate MY_CONFIG
gcloud auth login
gcloud config set project MY_PROJECT
允许用户选择配置,登录(通过浏览器)并选择项目。
对于您的用例,您可能不想使用gcloud init
,而是应该从https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=MY_PROJECT下载服务帐户密钥文件,使其在docker容器中可访问并通过
gcloud auth activate-service-account --key-file my_service_account.json
gcloud config set project MY_PROJECT
答案 1 :(得分:3)
从容器引擎中使用gcs的更好方法是授予群集权限。 例如,如果您使用devstorage.read_only作用域创建了VM,则即使您的服务帐户具有写入存储桶的权限,尝试写入存储桶也会失败。你需要devstorage.full_control或devstorage.read_write。
创建集群时,我们可以使用以下命令gcloud container clusters create catch-world \
--num-nodes 1 \
--machine-type n1-standard-1 \
--scopes https://www.googleapis.com/auth/devstorage.full_control