将容器推送到Azure容器注册表时拒绝资源访问 [英] Resource access denied when pushing container to Azure Container Registry
问题描述
使用Docker Compose将容器推入私有Azure容器注册表时,Azure DevOps管道返回以下错误:
When pushing containers into a private Azure Container Registry using Docker Compose the Azure DevOps pipeline returns the following error:
按下[容器]([注册表]/[应用]:最新)...
Pushing [container] ([registry]/[app]:latest)...
推送是指存储库[docker.io/[registry]/[container]]
The push refers to repository [docker.io/[registry]/[container]]
拒绝:请求的对资源的访问被拒绝
denied: requested access to the resource is denied
azure-pipeline.yml
文件取自Microsoft Microservices eShopOnContainer示例中显示的Docker Compose示例,
The azure-pipeline.yml
file is taken from the Docker Compose example shown in the Microsoft Microservices eShopOnContainer example, here:
variables:
azureContainerRegistry: myregistry
azureSubscriptionEndpoint: My Service Principle
...
task: DockerCompose@0
displayName: Compose push customer API
inputs:
containerregistrytype: Azure Container Registry
azureSubscriptionEndpoint: $(azureSubscriptionEndpoint)
azureContainerRegistry: $(azureContainerRegistry)
dockerComposeCommand: 'push [container]'
dockerComposeFile: docker-compose.yml
qualifyImageNames: true
projectName: ""
dockerComposeFileArgs: |
TAG=$(Build.SourceBranchName)
推荐答案
The solution is to be explicit with the container name. The documentation is misleading as it states firstly that: the containerregistrytype
is Azure Container Registry by default. The example goes on to give Contoso as the value for azureContainerRegistry
.
这是错误的.您需要将其显式设置为Azure中的登录服务器"值.因此,注册表应为"contoso.azurecr.io".因此,完整的示例应该为:
This is wrong. You need to explicitly set this to the "Login server" value from Azure. Therefore the registry should be "contoso.azurecr.io". So the full example should be:
variables:
azureContainerRegistry: contoso.azurecr.io
azureSubscriptionEndpoint: Contoso
steps:
- task: DockerCompose@0
displayName: Container registry login
inputs:
containerregistrytype: Azure Container Registry
azureSubscriptionEndpoint: $(azureSubscriptionEndpoint)
azureContainerRegistry: $(azureContainerRegistry)
这就是为什么它所指的推回购实际上是:docker.io(公共docker hub),因为它实际上必须是默认值,这说明了拒绝访问错误.
This is why the push repo it was referring to was in fact: docker.io (public docker hub) as that must actually be the default whch explains the access denied error.
这篇关于将容器推送到Azure容器注册表时拒绝资源访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!