Hello everybody. I have a problem in a privateCloud, where I configured the google GCR as a registry, I am using Workload Identity as per mendix documentation. But I'm always getting the following error: time="2022-07-19T19:47:17Z" level=error msg="Failed to build mendix app, failed to append layer to base image pushing image gcr.io/tch-devops-prd/tch-devops-prd:mnh7y0h0: GET https://gcr.io/v2/token?scope=repository%3Atch-devops-prd%2Ftch-devops-prd%3Apush%2Cpull&service=gcr.io: UNAUTHORIZED: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication" I noticed that the GET is trying to get a token that should be referenced in the Bind of the GSA ( google Service Account ) with the Service account of kubernetes, but unfortunately this is not what happens. Has anyone had similar problems related to the google registry?
asked
Wilton Gallego
1 answers
0
After some analysis, I managed to come up with a solution. Clusters must default to Workload Identity or be migrated, both cluster and node pool. Here's the documentation I followed to get to a solution where registry works perfectly.