将个人Docker映像上传到Azure容器注册表-ErrImagePull

时间:2019-11-02 22:07:06

标签: wordpress azure docker kubernetes

我正在以此方式构建一个小的docker映像:

在我的Dockerfile中,我在etc/apache2/apache2.conf中添加了有关将http重定向到https规则的特定配置:

具体来说,此规则

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>

所以,我的Dockerfile

FROM wordpress:5.2.4

RUN apt-get update && apt-get install -y \
    nano wget

COPY etc/apache2/apache2.conf /etc/apache2/apache2.conf

所以,完成后,我在本地docker环境中得到了两个图像

REPOSITORY                   TAG      
customize_wordpress          5.2.4     
wordpress                    5.2.4

成为customize_wordpress:5.2.4我的个人图像和wordpress:5.2.4我在Dockerfile中的以上FROM指令中使用的基本公共图像

就像我的目的是将我的自定义图片customize_wordpress:5.2.4上传到azure容器注册表一样,我正在关注this article

我正在以这种方式执行docker tag命令

docker tag customize_wordpress:5.2.4 registryname.azurecr.io/customize_wordpress:5.2.4

它有效。 我也推送图片,效果也很好

⟩ docker push registryname.azurecr.io/customize_wordpress:5.2.4
The push refers to repository [registryname.azurecr.io/customize_wordpress]
b63469233da6: Pushed 
b032b61b15b2: Pushed  
12fe3564ccac: Pushed 
4e9b2aba858c: Pushed 
b67d19e65ef6: Pushed 
5.2.4: digest: sha256:dc62844f946a49f2e724fa38bad6e2cab73a4561b22b690876ab5534febd3569 size: 5128
[I]

enter image description here

因此,我将这些数据作为环境变量,以便将它们传递给helm命令

export acr_login_server=registryname.azurecr.io
export acr_repository=customize_wordpress
export image_tag=5.2.4

但是当我执行helm命令时

⟩ helm3 install  wordpress-site-4 ./Deployments/Kubernetes/HelmCharts/wordpress/  --set image.registry=$acr_login_server,image.repository=$acr_repository,image.tag=$image_tag,image.pullPolicy=Always,wordpressUsername=$wordpressUsername,wordpressPassword=$wordpressPassword,wordpressEmail=$wordpressEmail,mariadb.enabled=false,externalDatabase.host=$database_host,externalDatabase.user=$database_user,externalDatabase.password=$database_password,externalDatabase.database=$database_name,externalDatabase.port=3306

我可以在kubernetes环境中看到豆荚说没有拉出图像。我有

Error response from daemon: pull access denied for customize_wordpress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     2m20s (x4 over 3m39s)  kubelet, aks-defaultpool-34253081-vmss000001  Error: ErrImagePull

 Normal   Pulling    2m21s (x4 over 3m40s)  kubelet, aks-defaultpool-34253081-vmss000001  Pulling image "customize_wordpress:5.2.4"
  Warning  Failed     2m20s (x4 over 3m39s)  kubelet, aks-defaultpool-34253081-vmss000001  Failed to pull image "customize_wordpress:5.2.4": rpc error: code = Unknown desc = Error response from daemon: pull access denied for customize_wordpress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     2m20s (x4 over 3m39s)  kubelet, aks-defaultpool-34253081-vmss000001  Error: ErrImagePull
  Normal   BackOff    114s (x6 over 3m38s)   kubelet, aks-defaultpool-34253081-vmss000001  Back-off pulling image "customize_wordpress:5.2.4"
  Warning  Failed     103s (x7 over 3m38s)   kubelet, aks-defaultpool-34253081-vmss000001  Error: ImagePullBackOff

我正在通过azure devops执行此helm命令,以前我以多种方式登录我的ACR,例如:

echo "Log in to an Azure Container Registry"
# docker login $(acr_login_server) --username $(service_principal_name_ci-cd-app-id) --password $(service_principal_name_ci-cd-password)
az acr login --name $(acr_name)

但是从吊舱得到的结果是相同的,我无法拉出图像

这就是为什么我认为我不需要在kubernetes内部以及掌舵表imagePullSecrets的{​​{1}}属性中引用docker注册表秘密。

尽管我尝试用我的acr数据创建该Docker注册表机密的所有操作,但结果也相同。

如何上传自定义图像并将其从Kubernetes中拉出?

1 个答案:

答案 0 :(得分:1)

就像我的AKS群集和我的azure容器注册表一样,在私有映像安装之前它们都已经存在,我没有意识到我必须将aks群集与Azure容器注册表关联

它在这里说https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration#configure-acr-integration-for-existing-aks-clusters

因此,这是构建我们的私有Docker映像,上传到我们的私有容器注册表(在我的情况下为Azure容器注册表)并从Azure Kubernetes服务中提取该图像的完整工作流程:

  • 构建图像

docker build -t customize_wordpress:5.2.4 .

它将创建customize_wordpress:5.2.4图片

  • 创建标签:我们需要创建一个标签,以便将图片上传到我们的ACR 我们必须在ACR主机服务器的标记中添加registryname.azurecr.io Here了解更多信息,here 
⟩ docker tag customize_wordpress:5.2.4 registryname.azurecr.io/customize_wordpress:5.2.4
  • 推送图片:请确保我们必须使用在上一步中创建的完整标签,我的意思是registryname.azurecr.io/customize_wordpress:5.2.4 
⟩ docker push registryname.azurecr.io/customize_wordpress:5.2.4
The push refers to repository [registryname.azurecr.io/customize_wordpress]
b63469233da6: Pushed 
b032b61b15b2: Pushed 
b67d19e65ef6: Pushed 
5.2.4: digest: sha256:dc62844f946a49f2e724fa38bad6e2cab73a4561b22b690876ab5534febd3569 size: 5128

然后在安装我的Wordpress应用程序之前(对于我来说是通过舵图命令(在我的问题中上面提到的)),the configuration of my ACR to work with my AKS cluster

我执行aks update命令:

⟩ az aks update -n MyClusterName -g MyResourceGroup --attach-acr MyACRName

因此,当我安装掌舵表时,图像已启动并正在运行

Events:
  Type     Reason     Age                   From                                          Message
  ----     ------     ----                  ----                                          -------
  Normal   Scheduled  14m                   default-scheduler                             Successfully assigned default/wordpress-site-4-6565b8c64f-w7xvq to aks-defaultpool-34253081-vmss000000
  Normal   Pulling    14m                   kubelet, aks-defaultpool-34253081-vmss000000  Pulling image "registryname.azurecr.io/customize_wordpress:5.2.4"
  Normal   Pulled     14m                   kubelet, aks-defaultpool-34253081-vmss000000  Successfully pulled image "registryname.azurecr.io/customize_wordpress:5.2.4"
  Normal   Created    14m                   kubelet, aks-defaultpool-34253081-vmss000000  Created container wordpress

如果这样做,则无需引用docker注册表机密和头盔图表或yaml文件中的任何imagePullSecrets属性,我们的映像将被拉取而无需引用任何凭据

相关问题
最新问题