将镜像从 Azure 容器注册表拉取到 Kubernetes 集群
[英]Pull images from an Azure container registry to a Kubernetes cluster
问题描述
I have followed this tutorial microsoft_website to pull images from an azure container.
我已按照本教程microsoft_website从 azure 容器中提取图像。 My yaml successfully creates a pod job, which can pull the image, BUT only when it runs on the agentpool node in my cluster.我的yaml成功创建了一个 pod 作业,它可以拉取图像,但仅当它在我的集群中的agentpool节点上运行时。
For example, adding nodeName: aks-agentpool-33515997-vmss000000 to the yaml works fine, but specifying a different node name, eg nodeName: aks-cpu1-33515997-vmss000000 , the pod fails.例如,将nodeName: aks-agentpool-33515997-vmss000000到yaml可以正常工作,但指定不同的节点名称,例如nodeName: aks-cpu1-33515997-vmss000000时,pod 会失败。 The error message I get with describe pods is Failed to pull image and then kubelet Error: ErrImagePull .我使用描述 pods 收到的错误消息是Failed to pull image然后kubelet Error: ErrImagePull 。
What I'm missing?我错过了什么?
Create secret:创建秘密:
kubectl create secret docker-registry <secret-name> \
--docker-server=<container-registry-name>.azurecr.io \
--docker-username=<service-principal-ID> \
--docker-password=<service-principal-password>
2 个解决方案
解决方案1
0 2021-03-01 20:00:16
Four things to check:需要检查的四件事:
- Is it a subscription issue?是订阅问题吗? Are the nodes in different subscriptions?节点是否在不同的订阅中?
- Is it a rights issue?是权利问题吗? Does the service principle of the node have rights to pull the image.节点的服务主体是否有权拉取镜像。
- Is it a network issue?是网络问题吗? Are the nodes on different subnets?节点是否位于不同的子网上?
- Is there something with the image size or configuration, that means that it cannot run on the other cluster.图像大小或配置是否存在某些问题,这意味着它无法在另一个集群上运行。
Edit编辑
New-AzAksNodePool has a parameter -DefaultProfile New-AzAksNodePool 有一个参数 -DefaultProfile
It can be AzContext, AzureRmContext, AzureCredential它可以是 AzContext、AzureRmContext、AzureCredential
If this is different between your nodes it would explain the error如果这在您的节点之间有所不同,它将解释错误
解决方案2
0 已采纳
As @user1571823 told solution to the problem is deleting the old image from the acr and creating/pushing a new one.正如@user1571823 所说,问题的解决方案是从 acr 中删除旧图像并创建/推送新图像。
The problem was related to some sort of corruption in the image saved in the azure container registry (acr).该问题与保存在 azure 容器注册表 (acr) 中的映像中的某种损坏有关。 The reason why one agent pool could pulled the image was actually because the image already existed in the VM.一个代理池之所以能拉取镜像,其实是因为镜像已经存在于虚拟机中。
Henceforth as @andov said it is good option to open an incident case to Azure support for AKS from your subscription, where AKS is deployed.此后,正如@andov 所说,从部署 AKS 的订阅中打开事件案例以向 Azure 支持AKS开一个事件案例是一个不错的选择。 The support team has full access to the AKS service backend and they can tell exactly what was causing your problem.支持团队拥有对 AKS 服务后端的完全访问权限,他们可以准确判断是什么导致了您的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.