
Error connecting to azure container registry using system assigned managed identity from a VM

I'm not able to connect to Azure Container Registry from a VM with System Assigned Managed Identity enabled. The MI is assigned acrpush role on the ACR.

I'm following the link enter link description here

az login --identity --> works

az acr login --name myContainerRegistry --> fails with error

```
An error occurred: DOCKER_COMMAND_ERROR
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json: dial unix /var/run/docker.sock: connect: permission denied
```

Not sure why it was giving the above error. Docker was in running status (Active); I checked it using the service docker status command.

But when I tried the az acr login command again the next day, it worked like a charm.

After login I was able to push the image from GitLab Runner VM to ACR using Managed Identity by following the below steps.

The 3rd step, tagging the image, is important; without tagging we get an authentication required error, even when the Managed Identity is assigned the acrpush role.

1) az login --identity
2) az acr login --name <mycontainerregistry>
3) docker image tag <image>:<version> mycontainerregistry.azurecr.io/<image>:<version>
4) docker push mycontainerregistry.azurecr.io/<image>:<version>
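
The four steps above wrapped with two preflight checks, as an added example that is not part of the original post: one confirms the current user can open the Docker socket before `az acr login` runs, the other confirms the image reference names the registry's login server before pushing. The function names, `myimage` and `1.0` are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Function names and sample values are constructed, not from the post.

# Succeeds only if the current user can open the Docker daemon socket.
# When this fails, az acr login reports the DOCKER_COMMAND_ERROR shown above.
docker_sock_ok() {
  local sock="${1:-/var/run/docker.sock}"
  [ -S "$sock" ] && [ -r "$sock" ] && [ -w "$sock" ]
}

# Build the fully qualified reference: <registry>.azurecr.io/<image>:<version>
acr_ref() {
  printf '%s.azurecr.io/%s:%s\n' "$1" "$2" "$3"
}

# True when a reference already names the registry's login server.
# An unqualified name such as "myimage:1.0" resolves to Docker Hub, so the
# ACR login does not apply to it and the push asks for authentication.
is_acr_ref() {
  case "$1" in
    "$2".azurecr.io/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run the four steps; stop early if the socket is not accessible.
push_to_acr() {
  local registry="$1" image="$2" version="$3" target
  if ! docker_sock_ok; then
    echo "no access to /var/run/docker.sock as $(id -un) (groups: $(id -Gn))" >&2
    return 1
  fi
  target="$(acr_ref "$registry" "$image" "$version")"
  is_acr_ref "$target" "$registry" || return 1
  az login --identity &&
    az acr login --name "$registry" &&
    docker image tag "$image:$version" "$target" &&
    docker push "$target"
}

# Usage (not run automatically): push_to_acr mycontainerregistry myimage 1.0
```
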
