I'm trying to deploy a Kubernetes Pod in AKS (I'm new to Kubernetes, so at this stage, I just want to create a container, deploy to Kubernetes and connect to it).

My Yaml file is as follows:

apiVersion: v1
kind: Pod
spec: 
  containers:
    - name: dockertest20190205080020
      image: dockertest20190205080020.azurecr.io    
      ports:
      - containerPort: 443
metadata: 
  name: my-test

I've created the image in Azure Container Registry and, according to the CLI, successfully deployed it to Kubernetes.

After deploying, I used the following command:

kubectl get service

And it tells me there is no External IP to connect to. I then tried:

kubectl describe pod my-test

Which gave the following errors:

 Events:
   Warning  Failed   4m (x2221 over 8h)  kubelet, aks-nodepool1-27401563-2  Error: ImagePullBackOff
   Normal   BackOff  0s (x2242 over 8h)  kubelet, aks-nodepool1-27401563-2  Back-off pulling image "dockertest20190205080020.azurecr.io"

I then tried editing the deployment:

kubectl edit pods my-test

Which gave me the error:

message: 'containers with unready status: [dockertest20190205080020]'

I'm now a little unsure what my next diagnostic step would be. I get the impression there's an issue with the container or the container registry, but I'm unsure how to determine what that may be.

Thanks to everyone for their help. The correct answer actually turned out to be a combination of the two answers: I didn't have permission, but I also hadn't specified the image name. – user10780967 Feb 14, 2019 at 8:00

What happens here (most likely) - your AKS doesn't have permissions to pull images from your ACR (that's the default behaviour). You need to grant those (link):

#!/bin/bash
AKS_RESOURCE_GROUP=myAKSResourceGroup
AKS_CLUSTER_NAME=myAKSCluster
ACR_RESOURCE_GROUP=myACRResourceGroup
ACR_NAME=myACRRegistry
# Get the id of the service principal configured for AKS
CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
# Get the ACR registry resource id
ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
# Create role assignment
az role assignment create --assignee $CLIENT_ID --role acrpull --scope $ACR_ID

Alternative is to just use a docker login secret (that article mentions that as well).

Example image in ACR:

image name would be

clrtacr.azurecr.io/dns:tag (or without tag for latest)

I had tried something similar to this, but I tried this and it made no difference. I think you might be on the right lines with permissions, though. When I run the dashboard, I get a series of errors such as: services is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list services in the namespace "default" – user10780967 Feb 10, 2019 at 8:50

dashboard is something completely different, just grant dashboard serviceaccount permissions – 4c74356b41 Feb 10, 2019 at 8:51

Thanks: the dashboard now works, and gives me a clearer (?) error: Failed to pull image "dockertest20190205080020.azurecr.io": rpc error: code = Unknown desc = Error response from daemon: pull access denied for dockertest20190205080020.azurecr.io, repository does not exist or may require 'docker login' – user10780967 Feb 12, 2019 at 19:16

I'm not sure if you know there is something wrong in your YAML file, or whether you are just showing it that way for security. But I will show you here:

apiVersion: v1
kind: Pod
spec: 
  containers:
    - name: dockertest20190205080020
      image: dockertest20190205080020.azurecr.io/image_name_and_version   
      ports:
      - containerPort: 443
metadata: 
  name: my-test

Also, as the error that you got shows, you don't have the permission to pull the image from your ACR.

On my side, it would be better to use a secret for pulling all the images from the ACR. You can create a service principal to achieve it. The steps would be like here:

#!/bin/bash
ACR_NAME=myacrinstance
SERVICE_PRINCIPAL_NAME=acr-service-principal
# Populate the ACR login server and resource id.
ACR_LOGIN_SERVER=$(az acr show --name $ACR_NAME --query loginServer --output tsv)
ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
# Create acrpull role assignment with a scope of the ACR resource.
SP_PASSWD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --role acrpull --scopes $ACR_REGISTRY_ID --query password --output tsv)
# Get the service principal client id.
CLIENT_ID=$(az ad sp show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)
# Output used when creating Kubernetes secret.
echo "Service principal ID: $CLIENT_ID"
echo "Service principal password: $SP_PASSWD"
# Create the secret from the values obtained above
kubectl create secret docker-registry acr-auth --docker-server "$ACR_LOGIN_SERVER" --docker-username "$CLIENT_ID" --docker-password "$SP_PASSWD"

Then you can change your yaml file like this:

apiVersion: v1
kind: Pod
spec: 
  containers:
    - name: dockertest20190205080020
      image: dockertest20190205080020.azurecr.io/image_name_and_version   
      ports:
      - containerPort: 443
  imagePullSecrets:
  - name: acr-auth
metadata: 
  name: my-test

I did not know there was an error in the YAML file. How / where would I get the image name and version from? Is it in the docker file, as I can't see anything there that's obvious? – user10780967 Feb 13, 2019 at 8:27

@SmileyDev No, dockertest20190205080020.azurecr.io is an Azure Container Registry and you find the image name and version in it if you pushed your image to it. – Charles Xu Feb 13, 2019 at 8:30

Sorry if I'm being dim here, but how do I identify the image name? Or if not identify the image name, is there a way that I can test if the image name exists in the container registry? – user10780967 Feb 13, 2019 at 19:18

@SmileyDev Yes, you can use the Azure CLI command to see if the image exists in the ACR. Take a look at Create a private container registry using the Azure CLI. – Charles Xu Feb 14, 2019 at 1:02
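
Both answers point at the image name, and the "pull access denied ... repository does not exist" message in the comments follows from how Docker splits an image reference: with no "/" in it, the whole string is taken as a Docker Hub repository name, so the pull never reaches ACR. The sketch below is an added example, not code from either answer; the function names `parse_image_ref` and `check_image_ref` are hypothetical, and digest references (`name@sha256:...`) are not handled.

```shell
# Added example: split an image reference the way Docker does.
# Prints "registry repository tag".
parse_image_ref() {
    ref=$1
    registry=docker.io
    remainder=$ref
    case $ref in
        */*)
            first=${ref%%/*}
            # The first component is a registry only if it looks like a host:
            # it contains "." or ":" or is exactly "localhost".
            case $first in
                *.*|*:*|localhost) registry=$first; remainder=${ref#*/} ;;
            esac ;;
    esac
    # A ":" in the last path component separates the tag; default is "latest".
    case ${remainder##*/} in
        *:*) tag=${remainder##*:}; remainder=${remainder%:*} ;;
        *)   tag=latest ;;
    esac
    # Single-name Docker Hub repositories live under "library/".
    case $registry:$remainder in
        docker.io:*/*) ;;
        docker.io:*)   remainder=library/$remainder ;;
    esac
    echo "$registry $remainder $tag"
}

# Returns 1 when an ACR hostname was given with no repository path, so the
# pull would be sent to Docker Hub instead of the registry.
check_image_ref() {
    parsed=$(parse_image_ref "$1")
    registry=${parsed%% *}
    tag=${parsed##* }
    repo=${parsed#* }; repo=${repo% *}
    case $registry:$repo in
        docker.io:library/*.azurecr.io)
            echo "FAIL $1: no repository path, resolves to $registry/$repo:$tag"
            return 1 ;;
    esac
    echo "OK   $1: registry=$registry repository=$repo tag=$tag"
}

# References taken from the question and the two answers on this page.
for r in dockertest20190205080020.azurecr.io \
         dockertest20190205080020.azurecr.io/image_name_and_version \
         clrtacr.azurecr.io/dns:tag; do
    check_image_ref "$r" || true
done
```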
        
