azure - 从 Bitbucket 部署到 Azure AKS 失败

Question

我创建了一个 Bitbucket 管道并尝试将基本 Pod 部署到 Azure AKS。 bitbucket-pipelines.yml 如下；

image: atlassian/default-image:2

options:
  docker: true
pipelines:
  default:
    - step:
        name: Docker login
        caches:
           - docker
        script:
          - docker login -u $DOCKERHUB_USER -p $DOCKERHUB_PASSWORD
    - step:
        name: "Deploy to PROD"
        deployment: production
        script:
          - pipe: microsoft/azure-aks-deploy:1.0.0
            variables:
              AZURE_APP_ID: $AZURE_APP_ID
              AZURE_PASSWORD: $AZURE_PASSWORD
              AZURE_TENANT_ID: $AZURE_TENANT_ID
              AZURE_AKS_NAME: "demo-aks"
              AZURE_RESOURCE_GROUP: "demo-rg"
              KUBECTL_COMMAND: 'apply'
              KUBERNETES_SPEC_FILE: 'test.yaml'

test.yaml 文件如下；

apiVersion: v1
kind: Pod
metadata:
  name: test
  labels:
    app: test
spec:
  containers:
  - name: test
    image: myrepository/test:1234
    command: ["/bin/sleep", "3650d"]
    imagePullPolicy: IfNotPresent
  restartPolicy: Always

“kubectl apply -f test-yaml”命令似乎已成功执行，并且正在尝试创建 pod，但出现“docker login”错误。

  Warning  Failed     9s (x2 over 24s)   kubelet            Failed to pull image "myrepository/test:1234": rpc error: code = Unknown desc = Error response from daemon: pull access denied for myrepository/test, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     9s (x2 over 24s)   kubelet            Error: ErrImagePul

Docker 用户和传递变量已添加，并且它们是正确的。不确定问题出在哪里。 谢谢!

Answer 1

您是否在 AKS 中创建了正确的 Docker 凭据？ 如果您确定 docker 登录正确，请在 AKS 中创建以下 key :

kubectl create secret generic regcred \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson

哪里<path/to/.docker/config.json>通常是 ~/.docker/config.json (当然，您需要能够从您的计算机访问该存储库)。

然后，在您的 Pod 定义中引用此 secret 凭证:

  imagePullSecrets:
  - name: regcred

使用您的示例:

apiVersion: v1
kind: Pod
metadata:
  name: test
  labels:
    app: test
spec:
  containers:
  - name: test
    image: myrepository/test:1234
    command: ["/bin/sleep", "3650d"]
    imagePullPolicy: IfNotPresent
  imagePullSecrets:
  - name: regcred
  restartPolicy: Always

AKS 可以轻松地从公共(public) Docker Hub 存储库或 Azure ACR(Azure 容器注册表)中提取镜像，但要连接到私有(private) Docker Hub，您需要提供正确的连接数据。

引用:https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/