K
Q

Uploading personal docker image to Azure Container Registry - ErrImagePull

11/2/2019

I am building a small docker image of this way:

In my Dockerfile I am adding an specific configuration in etc/apache2/apache2.conf about redirect http to https rule:

Specifically this rule

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>

So, my Dockerfile is

FROM wordpress:5.2.4

RUN apt-get update && apt-get install -y \
    nano wget

COPY etc/apache2/apache2.conf /etc/apache2/apache2.conf

So, when it finish, I got two images in my local docker environment

REPOSITORY                   TAG      
customize_wordpress          5.2.4     
wordpress                    5.2.4

Being customize_wordpress:5.2.4 my personal image and wordpress:5.2.4 the base public image that I used at FROM instruction above in the Dockerfile

Like my purpose is upload my custom image customize_wordpress:5.2.4 to azure container registry, I am following this article in order to do it

I am doing the docker tag command of this way

docker tag customize_wordpress:5.2.4 registryname.azurecr.io/customize_wordpress:5.2.4

And it works. Also I push the image and it works as well

docker push registryname.azurecr.io/customize_wordpress:5.2.4
The push refers to repository [registryname.azurecr.io/customize_wordpress]
b63469233da6: Pushed 
b032b61b15b2: Pushed  
12fe3564ccac: Pushed 
4e9b2aba858c: Pushed 
b67d19e65ef6: Pushed 
5.2.4: digest: sha256:dc62844f946a49f2e724fa38bad6e2cab73a4561b22b690876ab5534febd3569 size: 5128
[I]

enter image description here

So, I have these data as a environment variables in order to pass them to the helm command

export acr_login_server=registryname.azurecr.io
export acr_repository=customize_wordpress
export image_tag=5.2.4

But when I did the helm command

⟩ helm3 install  wordpress-site-4 ./Deployments/Kubernetes/HelmCharts/wordpress/  --set image.registry=$acr_login_server,image.repository=$acr_repository,image.tag=$image_tag,image.pullPolicy=Always,wordpressUsername=$wordpressUsername,wordpressPassword=$wordpressPassword,wordpressEmail=$wordpressEmail,mariadb.enabled=false,externalDatabase.host=$database_host,externalDatabase.user=$database_user,externalDatabase.password=$database_password,externalDatabase.database=$database_name,externalDatabase.port=3306

I could see in my kubernetes environment that the pod say that the image is not pulled. I got

Error response from daemon: pull access denied for customize_wordpress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     2m20s (x4 over 3m39s)  kubelet, aks-defaultpool-34253081-vmss000001  Error: ErrImagePull
 Normal   Pulling    2m21s (x4 over 3m40s)  kubelet, aks-defaultpool-34253081-vmss000001  Pulling image "customize_wordpress:5.2.4"
  Warning  Failed     2m20s (x4 over 3m39s)  kubelet, aks-defaultpool-34253081-vmss000001  Failed to pull image "customize_wordpress:5.2.4": rpc error: code = Unknown desc = Error response from daemon: pull access denied for customize_wordpress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     2m20s (x4 over 3m39s)  kubelet, aks-defaultpool-34253081-vmss000001  Error: ErrImagePull
  Normal   BackOff    114s (x6 over 3m38s)   kubelet, aks-defaultpool-34253081-vmss000001  Back-off pulling image "customize_wordpress:5.2.4"
  Warning  Failed     103s (x7 over 3m38s)   kubelet, aks-defaultpool-34253081-vmss000001  Error: ImagePullBackOff

I am doing this helm command from azure devops, and previously I logged in to my ACR of multiple ways such as:

echo "Log in to an Azure Container Registry"
# docker login $(acr_login_server) --username $(service_principal_name_ci-cd-app-id) --password $(service_principal_name_ci-cd-password)
az acr login --name $(acr_name)

But the result is the same from the pod, I cannot pull the image

That's why I consider that I don't need to reference the docker registry secrets inside kubernetes and in the imagePullSecrets attribute in the helm chart values.yaml.

Despite everything I try to create that docker registry secret with my acr data but the result is the same as well.

How can I upload my customize image and pull it from Kubernetes?

-- bgarcial
azure
docker
kubernetes
wordpress

Similar Questions

Why the path does not get mount?
Balancing traffic using least connection in Kubernetes
What is the difference between "gcloud container clusters" and "kubectl" commands when using them to provision K8S cluster on GCP?
What is the following error when I try to deploy kube-batch using helm?
Which port of localhost can I select in order to create a docker container?
Kubernetes pod Back-off restarting failed container with CrashLoopBack error
kubectl command throwing &quot;connection reset by peer&quot; after many subsequent requests

1 Answer

11/3/2019

Like my AKS cluster and my azure container registry, both already do exist before the private image installation, I didn't realize that I had to associate the aks cluster with the Azure container registry

It says here https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration#configure-acr-integration-for-existing-aks-clusters

So, this is the complete workflow to build our private docker image, uploaded to our private container registry (in my case Azure Container Registry) and pull that image from Azure Kubernetes service:

  • Build the image

docker build -t customize_wordpress:5.2.4 .

It creates the customize_wordpress:5.2.4 image

  • Creating tag: We need to create a tag in order to upload our image to our ACR We have to include in the tag our ACR host server, in my case registryname.azurecr.io Here for more information and here
docker tag customize_wordpress:5.2.4 registryname.azurecr.io/customize_wordpress:5.2.4
  • Push the image: Please, we have to be sure of use our complete tag created in the immediately previous step, I mean registryname.azurecr.io/customize_wordpress:5.2.4
docker push registryname.azurecr.io/customize_wordpress:5.2.4
The push refers to repository [registryname.azurecr.io/customize_wordpress]
b63469233da6: Pushed 
b032b61b15b2: Pushed 
b67d19e65ef6: Pushed 
5.2.4: digest: sha256:dc62844f946a49f2e724fa38bad6e2cab73a4561b22b690876ab5534febd3569 size: 5128

And then before to install my Wordpress application, in my case from helm chart command (referenced above in my question), here comes the configuration of my ACR to work with my AKS cluster

I execute the aks update command:

⟩ az aks update -n MyClusterName -g MyResourceGroup --attach-acr MyACRName

So, when I install my helm chart, the image is up and running

Events:
  Type     Reason     Age                   From                                          Message
  ----     ------     ----                  ----                                          -------
  Normal   Scheduled  14m                   default-scheduler                             Successfully assigned default/wordpress-site-4-6565b8c64f-w7xvq to aks-defaultpool-34253081-vmss000000
  Normal   Pulling    14m                   kubelet, aks-defaultpool-34253081-vmss000000  Pulling image "registryname.azurecr.io/customize_wordpress:5.2.4"
  Normal   Pulled     14m                   kubelet, aks-defaultpool-34253081-vmss000000  Successfully pulled image "registryname.azurecr.io/customize_wordpress:5.2.4"
  Normal   Created    14m                   kubelet, aks-defaultpool-34253081-vmss000000  Created container wordpress

If we do that, we don't need to reference the docker registry secret and any imagePullSecrets attribute in our helm chart or yaml file, our image will be pulled without reference any credentials

-- bgarcial
Source: StackOverflow