[英]Pull images from an Azure container registry to a Kubernetes cluster
I have followed this tutorial microsoft_website to pull images from an azure container.我已按照本教程microsoft_website从 azure 容器中提取图像。 My
yaml
successfully creates a pod job, which can pull the image, BUT only when it runs on the agentpool
node in my cluster.我的
yaml
成功创建了一个 pod 作业,它可以拉取图像,但仅当它在我的集群中的agentpool
节点上运行时。
For example, adding nodeName: aks-agentpool-33515997-vmss000000
to the yaml
works fine, but specifying a different node name, eg nodeName: aks-cpu1-33515997-vmss000000
, the pod fails.例如,将
nodeName: aks-agentpool-33515997-vmss000000
到yaml
可以正常工作,但指定不同的节点名称,例如nodeName: aks-cpu1-33515997-vmss000000
时,pod 会失败。 The error message I get with describe pods is Failed to pull image
and then kubelet Error: ErrImagePull
.我使用描述 pods 收到的错误消息是
Failed to pull image
然后kubelet Error: ErrImagePull
。
What I'm missing?我错过了什么?
Create secret:创建秘密:
kubectl create secret docker-registry <secret-name> \
--docker-server=<container-registry-name>.azurecr.io \
--docker-username=<service-principal-ID> \
--docker-password=<service-principal-password>
Four things to check:需要检查的四件事:
Edit编辑
New-AzAksNodePool has a parameter -DefaultProfile New-AzAksNodePool 有一个参数 -DefaultProfile
It can be AzContext, AzureRmContext, AzureCredential它可以是 AzContext、AzureRmContext、AzureCredential
If this is different between your nodes it would explain the error如果这在您的节点之间有所不同,它将解释错误
As @user1571823 told solution to the problem is deleting the old image from the acr and creating/pushing a new one.正如@user1571823 所说,问题的解决方案是从 acr 中删除旧图像并创建/推送新图像。
The problem was related to some sort of corruption in the image saved in the azure container registry (acr).该问题与保存在 azure 容器注册表 (acr) 中的映像中的某种损坏有关。 The reason why one agent pool could pulled the image was actually because the image already existed in the VM.
一个代理池之所以能拉取镜像,其实是因为镜像已经存在于虚拟机中。
Henceforth as @andov said it is good option to open an incident case to Azure support for AKS from your subscription, where AKS is deployed.此后,正如@andov 所说,从部署 AKS 的订阅中打开事件案例以向 Azure 支持AKS开一个事件案例是一个不错的选择。 The support team has full access to the AKS service backend and they can tell exactly what was causing your problem.
支持团队拥有对 AKS 服务后端的完全访问权限,他们可以准确判断是什么导致了您的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.