只有2个pod中有1个部署,其他pod无权拉出容器

时间:2016-02-20 10:54:49

标签: openshift-origin

我使用与暂存项目相同的结构设置生产项目减去BuildConfiguration,然后将我的容器从暂存图像流标记为prod图像流。

oc tag my-staging/nginx:latest my-prod/nginx:prod
oc tag my-staging/gunicorn:latest my-prod/gunicorn:prod
oc tag my-staging/celery-worker:latest my-prod/celery-worker:prod

每个作为2个副本的DeploymentConfig。前两个已经提出了两个pod,但celery-worker容器只提供了一个pod。另一个pod会生成错误:

  

无法拉取图片   " 172.x.x.x:5000 /我的分期/芹菜工作者@ SHA256:XXX&#34 ;:   未经授权:需要身份验证

我不知道一个小册子可以如何访问而不是另一个。特别是因为所有其他豆荚都已启动。

这是来自注册表的日志:

10.1.3.1 - - [22/Feb/2016:02:52:58 +0000] "GET /v2/cwl-staging/cwl-leadershift-20-celery-worker/manifests/sha256:7a2608ce648b767d65209410fd9f0e8d2fe3f559367c77ba45ba9a713940f83a HTTP/1.1" 401 176 "" "docker/1.8.2-el7.centos go/go1.4.2 kernel/3.10.0-327.4.5.el7.x86_64 os/linux arch/amd64"
time="2016-02-22T02:52:58.297372303Z" level=error msg="OpenShift access denied: User \"system:serviceaccount:cwl-production:default\" cannot get imagestreams/layers in project \"cwl-staging\"" go.version=go1.4.2 http.request.host="172.30.140.184:5000" http.request.id=71a32c41-9e91-40be-9774-166bfa7264f8 http.request.method=GET http.request.remoteaddr="10.1.3.1:48777" http.request.uri="/v2/cwl-staging/cwl-leadershift-20-celery-worker/manifests/sha256:7a2608ce648b767d65209410fd9f0e8d2fe3f559367c77ba45ba9a713940f83a" http.request.useragent="docker/1.8.2-el7.centos go/go1.4.2 kernel/3.10.0-327.4.5.el7.x86_64 os/linux arch/amd64" instance.id=180a3a82-b568-40ab-aaa0-538588e8e765 vars.name="cwl-staging/cwl-leadershift-20-celery-worker" vars.reference="sha256:7a2608ce648b767d65209410fd9f0e8d2fe3f559367c77ba45ba9a713940f83a" 
time="2016-02-22T02:52:58.297449598Z" level=error msg="error authorizing context: access denied" go.version=go1.4.2 http.request.host="172.30.140.184:5000" http.request.id=71a32c41-9e91-40be-9774-166bfa7264f8 http.request.method=GET http.request.remoteaddr="10.1.3.1:48777" http.request.uri="/v2/cwl-staging/cwl-leadershift-20-celery-worker/manifests/sha256:7a2608ce648b767d65209410fd9f0e8d2fe3f559367c77ba45ba9a713940f83a" http.request.useragent="docker/1.8.2-el7.centos go/go1.4.2 kernel/3.10.0-327.4.5.el7.x86_64 os/linux arch/amd64" instance.id=180a3a82-b568-40ab-aaa0-538588e8e765 vars.name="cwl-staging/cwl-leadershift-20-celery-worker" vars.reference="sha256:7a2608ce648b767d65209410fd9f0e8d2fe3f559367c77ba45ba9a713940f83a"

1 个答案:

答案 0 :(得分:0)

问题是<id>角色未被system:image-puller授予。

my-prod项目上授予角色:

my-staging

删除卡住的广告连播,以便获取新凭据以提取图片。

Appropriate section of the Openshift documentation

相关问题
最新问题