dockerfile-maven plugin and GCR

Question

I followed the steps to push docker images to Google Cloud Registry here.

I could manually run docker push eu.gcr.io/[PROJECT_ID]/[IMAGE_TAG], and it would run successfully. However, the dockerfile maven plugin would fail due to missing credentials:

org.apache.maven.plugin.MojoExecutionException: Could not push image
...
Caused by: com.spotify.docker.client.exceptions.DockerException: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

At this point, my ~/.docker/config.json file looked like:

{
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud",
    "marketplace.gcr.io": "gcloud"
  }
}

After a lot of debugging, I found a configuration that worked:

{
  "auths": {
    "eu.gcr.io": {}
  },
  "credHelpers": {
    "eu.gcr.io": "gcr"
  },
  "credsStore": "gcr"
}

I had to install the docker-credential-gcr module:

gcloud components install docker-credential-gcr

I have two questions:

1. Why did I need to change my configuration in this way?
2. Is it worth raising an issue on the GitHub, or was this a weird quirk of my setup?

EDIT:

The relevant part of my Maven config is:

        <plugin>
            <groupId>com.spotify</groupId>
            <artifactId>dockerfile-maven-plugin</artifactId>
            <version>1.4.13</version>
            <configuration>
                <repository>eu.gcr.io/[PROJECT_ID]/[IMAGE_NAME]</repository>
                <tag>2.0.0</tag>
            </configuration>
            <executions>
                <execution>
                    <id>default</id>
                    <goals>
                        <goal>build</goal>
                        <goal>push</goal>
                    </goals>
                </execution>
                <execution>
                    <id>tag-image-latest</id>
                    <goals>
                        <goal>tag</goal>
                    </goals>
                    <configuration>
                        <tag>latest</tag>
                    </configuration>
                </execution>
            </executions>
        </plugin>

Answer 1

Try adding <useMavenSettingsForAuth>true</useMavenSettingsForAuth> inside the configuration tag and specify your server credentials in the maven settings.xml:

<server>
   <id>docker.io</id>
   <username>XXX</username>
   <password>XXX</password>
</server>
                                

Also, If you want to push images to the private registry you need two things: API Access Scopes and Authenticate your VM with the registry.

There's already a detalied answer in this post where you can find a deep understanding to your question.

Hope that you find it helpful.