我有一个使用Google Artifact Registry的私有Python包。
在requirements.txt中,索引url使用
--extra-index-url ...
some_package==1.0.0在运行gcloud auth application-default login之后,这在简单地从我的virtualenv运行pip install -r requirements.txt时有效。然而,当我运行gcloud beta code dev并尝试构建Docker镜像时,这似乎不起作用。也许我的假设是错误的,但我认为它可以通过简单地提供application-default-credential标志来访问凭据。
Dockerfile(keyring.txt安装keyring和google keyring)
# Use an official lightweight Python image.
# https://hub.docker.com/_/python
FROM python:3.10-slim
ENV APP_HOME /app
WORKDIR $APP_HOME
# Removes output stream buffering, allowing for more efficient logging
ENV PYTHONUNBUFFERED 1
# Disable pip caching, smaller image as a result
ENV PIP_NO_CACHE_DIR 1
ENV PIP_DISABLE_PIP_VERSION_CHECK 1
# Install dependencies
COPY ./requirements ./requirements
RUN pip install -r requirements/keyring.txt
RUN pip install -r requirements/production.txt
# Copy local code to the container image
COPY . .
CMD exec gunicorn --bind 0.0.0.0:$PORT config.wsgi:application产出
...
#9 5.475 WARNING: Compute Engine Metadata server unavailable on attempt 1 of 3. Reason: timed out
#9 5.531 WARNING: Compute Engine Metadata server unavailable on attempt 2 of 3. Reason: [Errno 113] No route to host
#9 8.539 User for us-central1-python.pkg.dev: WARNING: Compute Engine Metadata server unavailable on attempt 3 of 3. Reason: timed out
#9 8.542 WARNING: Authentication failed using Compute Engine authentication due to unavailable metadata server.
#9 8.542 WARNING: Failed to retrieve Application Default Credentials: Your default credentials were not found. To set up Application Default Credentials, see https://cloud.google.com/docs/authentication/external/set-up-adc for more information.
#9 8.542 WARNING: Trying to retrieve credentials from gcloud...
#9 8.542 WARNING: Failed to retrieve credentials from gcloud: gcloud command exited with status: [Errno 2] No such file or directory: 'gcloud'
#9 8.542 WARNING: Artifact Registry PyPI Keyring: No credentials could be found.
#9 8.542 WARNING: Keyring is skipped due to an exception: Failed to find credentials, Please run: `gcloud auth application-default login or export GOOGLE_APPLICATION_CREDENTIALS=<path/to/service/account/key>`
...我是否对application-default-credential标志的作用有根本性的误解?有没有办法让它在本地工作?
我希望docker镜像构建使用应用程序默认凭据,但事实并非如此。
1条答案
按热度按时间vvppvyoh1#
'gcloud auth application-default login'命令将凭据存储在文件**'Adc.json'中,该文件位于用户主目录的'config/gcloud'目录中。
在Docker镜像构建过程中,上述目录不存在,这就是为什么无法从文件中检索凭据。'gcloud'命令也没有安装,这就是为什么说错误“'No such file or directory:' gcloud '"。
使用-v选项,运行'docker run'命令,将'config/gcloud'**挂载到Docker Container中。