我创建了一个 Bitbucket 管道并尝试将基本 pod 部署到 Azure AKS。 bitbucket-pipelines.yml 在下面;
image: atlassian/default-image:2
options:
docker: true
pipelines:
default:
- step:
name: Docker login
caches:
- docker
script:
- docker login -u $DOCKERHUB_USER -p $DOCKERHUB_PASSWORD
- step:
name: "Deploy to PROD"
deployment: production
script:
- pipe: microsoft/azure-aks-deploy:1.0.0
variables:
AZURE_APP_ID: $AZURE_APP_ID
AZURE_PASSWORD: $AZURE_PASSWORD
AZURE_TENANT_ID: $AZURE_TENANT_ID
AZURE_AKS_NAME: "demo-aks"
AZURE_RESOURCE_GROUP: "demo-rg"
KUBECTL_COMMAND: 'apply'
KUBERNETES_SPEC_FILE: 'test.yaml'
和test.yaml文件在下面;
apiVersion: v1
kind: Pod
metadata:
name: test
labels:
app: test
spec:
containers:
- name: test
image: myrepository/test:1234
command: ["/bin/sleep", "3650d"]
imagePullPolicy: IfNotPresent
restartPolicy: Always
“kubectl apply -f test-yaml”命令似乎已成功执行,并且正在尝试创建 pod,但出现“docker login”错误。
Warning Failed 9s (x2 over 24s) kubelet Failed to pull image "myrepository/test:1234": rpc error: code = Unknown desc = Error response from daemon: pull access denied for myrepository/test, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 9s (x2 over 24s) kubelet Error: ErrImagePul
Docker 用户和传递变量已经添加并且它们是正确的。不知道问题出在哪里。 谢谢!
答案 0 :(得分:3)
您是否在 AKS 中创建了正确的 Docker 凭据? 如果您确定 docker login 是正确的,那么在 AKS 中创建以下机密:
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
其中 <path/to/.docker/config.json>
通常是 ~/.docker/config.json(当然您需要能够从您的机器访问该存储库)。
然后,在您的 pod 定义中引用这个秘密凭证:
imagePullSecrets:
- name: regcred
使用您的示例:
apiVersion: v1
kind: Pod
metadata:
name: test
labels:
app: test
spec:
containers:
- name: test
image: myrepository/test:1234
command: ["/bin/sleep", "3650d"]
imagePullPolicy: IfNotPresent
imagePullSecrets:
- name: regcred
restartPolicy: Always
AKS 可以轻松地从公共 Docker Hub 存储库或 Azure ACR(Azure 容器注册表)中提取图像,但要连接到私有 Docker Hub,您需要提供正确的连接数据。
参考:https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/