Getting "containers with unready status: []" error in Kubernetes


What happens here (most likely) - your AKS doesn't have permissions to pull images from your ACR (that's the default behaviour). You need to grant those (link):

#!/bin/bash

AKS_RESOURCE_GROUP=myAKSResourceGroup
AKS_CLUSTER_NAME=myAKSCluster
ACR_RESOURCE_GROUP=myACRResourceGroup
ACR_NAME=myACRRegistry

# Get the id of the service principal configured for AKS
CLIENT_ID=$(az aks show --resource-group "$AKS_RESOURCE_GROUP" --name "$AKS_CLUSTER_NAME" --query "servicePrincipalProfile.clientId" --output tsv)

# Get the ACR registry resource id
ACR_ID=$(az acr show --name "$ACR_NAME" --resource-group "$ACR_RESOURCE_GROUP" --query "id" --output tsv)

# Create role assignment (acrpull grants pull-only access, scoped to this one registry)
az role assignment create --assignee "$CLIENT_ID" --role acrpull --scope "$ACR_ID"

Alternative is to just use a docker login secret (that article mentions that as well).

Example image in ACR:

image name would be

clrtacr.azurecr.io/dns:tag (or without tag for latest)

Author by

4c74356b41


Updated on July 08, 2022
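
The image value in the question names only the registry host; under Docker's reference-normalization rules a name without a "/" is treated as a Docker Hub repository, so the pull never reaches ACR regardless of the acrpull role. The script below is an added example, not part of the original answer: it resolves references the same way and flags that mistake (function names are hypothetical, the sample manifest is constructed from the values on this page).

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Digest references (name@sha256:...) are out of scope.

# Print "registry repository tag" the way Docker-style normalization resolves REF.
resolve_image_ref() (
  ref=$1; first=${ref%%/*}; registry=docker.io; path=$ref
  if [ "$first" != "$ref" ]; then
    # The first component is a registry host only if it has '.' or ':' or is "localhost".
    case $first in *.*|*:*|localhost) registry=$first; path=${ref#*/} ;; esac
  fi
  # Single-name Docker Hub images live under library/.
  if [ "$registry" = docker.io ]; then
    case $path in */*) ;; *) path=library/$path ;; esac
  fi
  tag=latest
  case ${path##*/} in *:*) tag=${path##*:}; path=${path%:*} ;; esac
  echo "$registry $path $tag"
)

# Return 1 when REF names an ACR login server but resolves to Docker Hub,
# which is what happens to the image value in the question's manifest.
check_image_ref() (
  set -- "$1" $(resolve_image_ref "$1")   # $1=ref $2=registry $3=repository $4=tag
  case "$2 $3" in
    "docker.io "*.azurecr.io)
      echo "FAIL $1: resolves to $2/$3; use $1/<repository>[:tag]"
      return 1 ;;
  esac
  echo "OK   $1 -> registry=$2 repository=$3 tag=$4"
)

# Check every "image:" value of a manifest on stdin; return 1 if any fails.
scan_manifest() (
  status=0
  for ref in $(sed -n 's/^[[:space:]-]*image:[[:space:]]*//p'); do
    check_image_ref "$ref" || status=1
  done
  return "$status"
)

# Constructed sample: the image value from the question and the form given in the answer.
sample_manifest() {
  printf '%s\n' 'spec:' '  containers:' \
    '    - name: broken' '      image: dockertest20190205080020.azurecr.io' \
    '    - name: fixed' '      image: clrtacr.azurecr.io/dns:tag'
}

sample_manifest | scan_manifest || echo "manifest contains image references that will not pull from ACR"
```

To check a real manifest, pipe it in: `scan_manifest < pod.yaml` (the file name is a placeholder).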

Comments

  • 4c74356b41
    4c74356b41 almost 2 years

    I'm trying to deploy a Kubernetes Pod in AKS (I'm new to Kubernetes, so at this stage, I just want to create a container, deploy to Kubernetes and connect to it).

    My Yaml file is as follows:

    apiVersion: v1
    kind: Pod
    spec: 
      containers:
        - name: dockertest20190205080020
          image: dockertest20190205080020.azurecr.io    
          ports:
          - containerPort: 443
    metadata: 
      name: my-test
    

    I've created the image in Azure Container Registry and, according to the CLI, successfully deployed it to Kubernetes.

    After deploying, I used the following command:

    kubectl get service
    

    And it tells me there is no External IP to connect to. I then tried:

    kubectl describe pod my-test
    

    Which gave the following errors:

     Events:
       Warning  Failed   4m (x2221 over 8h)  kubelet, aks-nodepool1-27401563-2  Error: ImagePullBackOff
       Normal   BackOff  0s (x2242 over 8h)  kubelet, aks-nodepool1-27401563-2  Back-off pulling image "dockertest20190205080020.azurecr.io"
    

    I then tried editing the deployment:

    kubectl edit pods my-test
    

    Which gave me the error:

    message: 'containers with unready status: [dockertest20190205080020]'
    

    I'm now a little unsure what my next diagnostic step would be. I get the impression there's an issue with the container or the container registry, but I'm unsure how to determine what that may be.

    • Admin
      Admin over 5 years
      Thanks to everyone for their help. The correct answer actually turned out to be a combination of the two answers: I didn't have permission, but I also hadn't specified the image name.
  • Admin
    Admin over 5 years
    I had tried something similar to this, but I tried this and it made no difference. I think you might be on the right lines with permissions, though. When I run the dashboard, I get a series of errors such as: services is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list services in the namespace "default"
  • 4c74356b41
    4c74356b41 over 5 years
    dashboard is something completely different, just grant dashboard serviceaccount permissions
  • Admin
    Admin over 5 years
    Thanks: the dashboard now works, and gives me a clearer (?) error: Failed to pull image "dockertest20190205080020.azurecr.io": rpc error: code = Unknown desc = Error response from daemon: pull access denied for dockertest20190205080020.azurecr.io, repository does not exist or may require 'docker login'
  • 4c74356b41
    4c74356b41 over 5 years
    like i said, you need to grant aks permissions to acr, please read the answer
  • Admin
    Admin over 5 years
    I did not know there was an error in the YAML file. How / where would I get the image name and version from? Is it in the docker file, as I can't see anything there that's obvious?
  • Charles Xu
    Charles Xu over 5 years
    @SmileyDev No, dockertest20190205080020.azurecr.io is an Azure Container Registry and you find the image name and version in it if you pushed your image to it.
  • Admin
    Admin over 5 years
    Sorry if I'm being dim here, but how do I identify the image name? Or if not identify the image name, is there a way that I can test if the image name exists in the container registry?
  • Admin
    Admin over 5 years
    I've read, and tried your solution several times, but am still getting the same issue.
  • 4c74356b41
    4c74356b41 over 5 years
    your image name is registryname.azurecr.io/imagename, check updated answer
  • Charles Xu
    Charles Xu over 5 years
    @SmileyDev Yes, you can use the Azure CLI command to see if the image exists in the ACR. Take a look at Create a private container registry using the Azure CLI.