从 Bitbucket 部署到 Azure AKS 失败
Deployment fails to Azure AKS from Bitbucket
我创建了一个 Bitbucket 管道并尝试将基本 pod 部署到 Azure AKS。
bitbucket-pipelines.yml 低于;
image: atlassian/default-image:2
options:
docker: true
pipelines:
default:
- step:
name: Docker login
caches:
- docker
script:
- docker login -u $DOCKERHUB_USER -p $DOCKERHUB_PASSWORD
- step:
name: "Deploy to PROD"
deployment: production
script:
- pipe: microsoft/azure-aks-deploy:1.0.0
variables:
AZURE_APP_ID: $AZURE_APP_ID
AZURE_PASSWORD: $AZURE_PASSWORD
AZURE_TENANT_ID: $AZURE_TENANT_ID
AZURE_AKS_NAME: "demo-aks"
AZURE_RESOURCE_GROUP: "demo-rg"
KUBECTL_COMMAND: 'apply'
KUBERNETES_SPEC_FILE: 'test.yaml'
和test.yaml文件在下方;
apiVersion: v1
kind: Pod
metadata:
name: test
labels:
app: test
spec:
containers:
- name: test
image: myrepository/test:1234
command: ["/bin/sleep", "3650d"]
imagePullPolicy: IfNotPresent
restartPolicy: Always
“kubectl apply -f test-yaml”命令似乎已成功执行,它正在尝试创建 pod,但出现“docker 登录”错误。
Warning Failed 9s (x2 over 24s) kubelet Failed to pull image "myrepository/test:1234": rpc error: code = Unknown desc = Error response from daemon: pull access denied for myrepository/test, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 9s (x2 over 24s) kubelet Error: ErrImagePul
Docker 已添加的用户和传递变量是正确的。不知道问题出在哪里。
谢谢!
您是否在 AKS 中创建了正确的 Docker 凭据?
如果您确定 docker 登录正确,请在 AKS 中创建以下机密:
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
其中 <path/to/.docker/config.json> 通常是 ~/.docker/config.json(当然你需要能够从你的机器访问那个 repo)。
然后,在您的 pod 定义中引用此秘密凭证:
imagePullSecrets:
- name: regcred
要使用您的示例:
apiVersion: v1
kind: Pod
metadata:
name: test
labels:
app: test
spec:
containers:
- name: test
image: myrepository/test:1234
command: ["/bin/sleep", "3650d"]
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: regcred
restartPolicy: Always
AKS 可以轻松地从 public Docker Hub 存储库或 Azure ACR(Azure 容器注册表)中提取图像,但要连接到 Docker Hub private,您需要授予权限连接数据。
参考:https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
我创建了一个 Bitbucket 管道并尝试将基本 pod 部署到 Azure AKS。 bitbucket-pipelines.yml 低于;
image: atlassian/default-image:2
options:
docker: true
pipelines:
default:
- step:
name: Docker login
caches:
- docker
script:
- docker login -u $DOCKERHUB_USER -p $DOCKERHUB_PASSWORD
- step:
name: "Deploy to PROD"
deployment: production
script:
- pipe: microsoft/azure-aks-deploy:1.0.0
variables:
AZURE_APP_ID: $AZURE_APP_ID
AZURE_PASSWORD: $AZURE_PASSWORD
AZURE_TENANT_ID: $AZURE_TENANT_ID
AZURE_AKS_NAME: "demo-aks"
AZURE_RESOURCE_GROUP: "demo-rg"
KUBECTL_COMMAND: 'apply'
KUBERNETES_SPEC_FILE: 'test.yaml'
和test.yaml文件在下方;
apiVersion: v1
kind: Pod
metadata:
name: test
labels:
app: test
spec:
containers:
- name: test
image: myrepository/test:1234
command: ["/bin/sleep", "3650d"]
imagePullPolicy: IfNotPresent
restartPolicy: Always
“kubectl apply -f test-yaml”命令似乎已成功执行,它正在尝试创建 pod,但出现“docker 登录”错误。
Warning Failed 9s (x2 over 24s) kubelet Failed to pull image "myrepository/test:1234": rpc error: code = Unknown desc = Error response from daemon: pull access denied for myrepository/test, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 9s (x2 over 24s) kubelet Error: ErrImagePul
Docker 已添加的用户和传递变量是正确的。不知道问题出在哪里。 谢谢!
您是否在 AKS 中创建了正确的 Docker 凭据? 如果您确定 docker 登录正确,请在 AKS 中创建以下机密:
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
其中 <path/to/.docker/config.json> 通常是 ~/.docker/config.json(当然你需要能够从你的机器访问那个 repo)。
然后,在您的 pod 定义中引用此秘密凭证:
imagePullSecrets:
- name: regcred
要使用您的示例:
apiVersion: v1
kind: Pod
metadata:
name: test
labels:
app: test
spec:
containers:
- name: test
image: myrepository/test:1234
command: ["/bin/sleep", "3650d"]
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: regcred
restartPolicy: Always
AKS 可以轻松地从 public Docker Hub 存储库或 Azure ACR(Azure 容器注册表)中提取图像,但要连接到 Docker Hub private,您需要授予权限连接数据。
参考:https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/