AKS 从 ACR 中提取容器映像时出现问题
[英]AKS has an issue pulling a container image from the ACR
问题描述
I have an issue with the AKS, Kubernetes cannot pull the image from the ACR, It show the message "unauthorized: authentication required" I already set permissions on the ACR to the AKS Service Principal.
我的 AKS 有问题,Kubernetes 无法从 ACR 中提取图像,它显示消息“未经授权:需要身份验证”我已经将 ACR 上的权限设置为 AKS 服务主体。 It had worked fine until today when I proced to update the pod with a new container from the ACR.它一直运行良好,直到今天我继续使用来自 ACR 的新容器更新 pod。
3 个解决方案
解决方案1
0 2019-09-18 02:22:21
According to the message you provided, the possible reason that I can think of is the Authorization expiry.根据您提供的消息,我能想到的可能原因是授权到期。 You can take a check for your service principal if it's Authorization expiry.如果授权到期,您可以检查您的服务主体。
Other than this, I recommend you can also check if all other things are OK, the authentication with ACR for AKS here .除此之外,我建议您还可以检查所有其他事情是否正常, 此处为 AKS 使用 ACR 进行身份验证。 This can avoid the wrong action.这样可以避免错误的操作。
解决方案2
0 已采纳 2019-09-19 16:17:04
The SP already has authorization to pull images from the ACR. SP 已获得从 ACR 中提取映像的授权。
I followed the post here and now the AKS is able to pull images from ACR.我关注了这里的帖子,现在 AKS 能够从 ACR 中提取图像。 When I created the AKS its SP didn't have secrets nor certificates setted, but it had working fine since 12 months ago, suddenly AKS now needs to have a secret in its SP to authenticate over the ACR.当我创建 AKS 时,它的 SP 没有设置机密或证书,但它自 12 个月前就运行良好,突然 AKS 现在需要在其 SP 中有一个机密以通过 ACR 进行身份验证。
Thanks...谢谢...
解决方案3
0 2020-01-03 08:27:30
使用此解决方法它完成了工作:
az role assignment create --assignee <servicePrincipalID> --scope <registryID> --role acrpull
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.