无法使用AKS和ACR拉新图像 [英] Unable to pull new image with AKS and ACR
问题描述
我突然遇到了使用AKS从Azure容器注册表中提取最新映像的问题(以前运行良好.
I'm suddenly having issues pulling the latest image from Azure container registry with AKS (which previously worked fine.
如果我跑步
kubectl describe pod <podid> I get:
Failed to pull image <image>: rpc error: code = Unknown desc = Error response from daemon: Get <image>: unauthorized: authentication required
我尝试手动登录ACR,并且一切正常,新映像已正确推送,我可以手动拉出它们.
I've tried logging into the ACR manually and it's all working correctly - the new images have pushed correctly and I can pull them manually.
此外,我已经尝试过:
az aks update -g MyResourceGroup -n MyManagedCluster --attach-acr acrName
成功(没有错误,输出传播成功),但仍然不起作用.
Which succeeds (no errors, there is an output propagation being successful) but it still doesn't work.
我尝试使用以下方式更新凭据:
I've tried updating the credentials with:
az aks update-credentials --resource-group <group>--name <aks name>--reset-service-principal --service-principal <sp id> --client-secret <client-secret>
哪个消息很奇怪:
Deployment failed. Correlation ID: 6e84754a-821d-4a39-a0df-7ab9ba21973f.
Unable to get log analytics workspace info. Resource ID:
/subscriptions/<subscription id>/resourcegroups/defaultresourcegroup-
weu/providers/microsoft.operationalinsights/workspaces/defaultworkspace-
d259e6ea-8230-4cb0-a7a8-7f0df6c7ef18-weu. Details: autorest/azure: Service
returned an error. Status=404 Code="ResourceGroupNotFound"
Message="Resource group 'defaultresourcegroup-weu' could not be found.". For
more details about how to create and use log analytics workspace, please
refer to: https://aka.ms/new-log-analytics
我尝试创建一个新的日志分析工作区,并且以上错误仍然存在.
I tried creating a new log analytics workspace and the error above persisted.
我还尝试了以下步骤:
除了上面的帖子,我还浏览了许多教程和Microsoft页面来尝试解决此问题.
Besides the the posts above, I've gone through many tutorials and Microsoft pages to try fix the problem.
我尝试创建一个新的服务主体并为其分配适当的角色,但是错误仍然存在. 我还涉猎创建新机密,但没有成功.
I've tried creating a new service principal and assigning it the appropriate roles but the error still persists. I've also dabbled with creating new secrets and had no success.
不需要新图像的pod都按预期运行. 如果我查看我的应用程序注册(在azure活动目录下),它们都是在一年前创建的-因此,我担心某些内容已过期,并且不知道如何解决.
My pods that don't need new images are all running as expected. If I look at my app registrations (under azure active directory) they were all created a year ago - so I'm concerned something expired and I don't know how to fix it.
推荐答案
通过使用以下方法禁用Log Analytics插件来完成此工作:
Got this working by disabling the Log Analytics addon using:
az aks disable-addons -a monitoring -n <AKSName> -g <ResourceGroupName>
根据我发布的错误消息之一,似乎我的日志分析只是导致事情崩溃了(虽然不确定为什么),所以暂时将其禁用并能够更新信誉
As per one of the error messages I posted, it seems my log analytics was just causing things to fall apart (not sure why though) so disabled it for the time being and was able to update creds with
az aks update-credentials --resource-group <group>--name <aks name>--reset-service-principal --service-principal <sp id> --client-secret <client-secret>
这篇关于无法使用AKS和ACR拉新图像的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
