Getting "containers with unready status: []" error in Kubernetes
What happens here (most likely) - your AKS doesnt have permissions to pull images frmo you ACR (that's the default behaviour). You need to grant those (link):
#!/bin/bash
AKS_RESOURCE_GROUP=myAKSResourceGroup
AKS_CLUSTER_NAME=myAKSCluster
ACR_RESOURCE_GROUP=myACRResourceGroup
ACR_NAME=myACRRegistry
# Get the id of the service principal configured for AKS
CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
# Get the ACR registry resource id
ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
# Create role assignment
az role assignment create --assignee $CLIENT_ID --role acrpull --scope $ACR_ID
Alternative is to just use a docker login secret (that article mentions that as well).
image name would be
clrtacr.azurecr.io/dns:tag (or without tag for latest)
4c74356b41
Just an average individual working on Azure stuff. All opinions are my own. btc: 17pHWAH5HnbW4SNZSXwkC142mvpL8Asub9 eth: 0x6a283e80D4e9B7E471532375ed652594595A5a6b xrp: 17pHWAH5HnbW4SNZSXwkC142mvpL8Asub9 paypal.me
Updated on July 08, 2022Comments
-
4c74356b41 almost 2 years
I'm trying to deploy a Kubernetes Pod in AKS (I'm new to Kubernetes, so at this stage, I just want to create a container, deploy to Kubernetes and connect to it).
My Yaml file is as follows:
apiVersion: v1 kind: Pod spec: containers: - name: dockertest20190205080020 image: dockertest20190205080020.azurecr.io ports: - containerPort: 443 metadata: name: my-test
I've created the image in Azure Container Registry and, according to the CLI, successfully deployed it to Kubernetes.
After deploying, I used the following command:
kubectl get service
And it tells me there is no External IP to connect to. I then tried:
kubectl describe pod my-test
Which gave the following errors:
Events: Warning Failed 4m (x2221 over 8h) kubelet, aks-nodepool1-27401563-2 Error: ImagePullBackOff Normal BackOff 0s (x2242 over 8h) kubelet, aks-nodepool1-27401563-2 Back-off pulling image "dockertest20190205080020.azurecr.io"
I then tried editing the deployment:
kubectl edit pods my-test
Which game me the error:
message: 'containers with unready status: [dockertest20190205080020]'
I'm not a little unsure what my next diagnostic step would be. I get the impression there's an issue with the container or the container registry, but I'm unsure how to determine what that may be.
-
Admin over 5 yearsThanks to everyone for their help. The correct answer actually turned out to be a combination of the two answers: I didn't have permission, but I also hadn't specified the image name.
-
-
Admin over 5 yearsI had tried something similar to this, but I tried this and it made no difference. I think you might be on the right lines with permissions, though. When I run the dashboard, I get a series of errors such as: services is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list services in the namespace "default"
-
4c74356b41 over 5 yearsdashboard is something completely different, just grant dashboard serviceaccount permissions
-
Admin over 5 yearsThanks: the dashboard now works, and gives me a clearer (?) error: Failed to pull image "dockertest20190205080020.azurecr.io": rpc error: code = Unknown desc = Error response from daemon: pull access denied for dockertest20190205080020.azurecr.io, repository does not exist or may require 'docker login'
-
4c74356b41 over 5 yearslike i said, you need to grant aks permissions to acr, please read the answer
-
Admin over 5 yearsI did not know there was an error in the YAML file. How / where would I get the image name and version from? Is it in the docker file, as I can't see anything there that's obvious?
-
Charles Xu over 5 years@SmileyDev No,
dockertest20190205080020.azurecr.io
is an Azure Container Registry and you find the image name and version in it if you pushed your image to it. -
Admin over 5 yearsSorry if I'm being dim here, but how do I identify the image name? Or if not identify the image name, is there a way that I can test if the image name exists in the container registry?
-
Admin over 5 yearsI've read, and tried your solution several times, but am still getting the same issue.
-
4c74356b41 over 5 yearsyour image name is registryname.azurecr.io/imagename, check updated answer
-
Charles Xu over 5 years@SmileyDev Yes, you can use the Azure CLI command to see if the image exists in the ACR. Take a look at Create a private container registry using the Azure CLI.