【发布时间】:2019-10-18 16:23:32
【问题描述】:
我正在遵循有关如何在 Azure Kubernetes 服务上创建 Windows Server 容器的指南。 Link
我提取了指南中演示的示例图像 (mcr.microsoft.com/dotnet/framework/samples:aspnetapp),对其进行了标记并将其上传到 Azure 容器注册表。 将应用程序部署到 Kubernetes 后,Pod 无法从容器注册表中提取映像。我还尝试使用来自 Docker hub 的原始图像导致同样的问题。
下面是 kubectl describe 命令在其中一个 pod 上的输出
Name: hello-world-56c76d8549-7248k
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: aksnpwin000000/10.240.0.35
Start Time: Sat, 01 Jun 2019 19:33:21 +0530
Labels: app=hello-world
pod-template-hash=56c76d8549
Annotations: <none>
Status: Pending
IP: 10.240.0.47
Controlled By: ReplicaSet/hello-world-56c76d8549
Containers:
hello-world:
Container ID:
Image: pocaspnetcoreweb.azurecr.io/pocaspnetcoreweb:v1
Image ID:
Port: 80/TCP
Host Port: 0/TCP
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Limits:
cpu: 1
memory: 800m
Requests:
cpu: 100m
memory: 300m
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-m647n (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-m647n:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-m647n
Optional: false
QoS Class: Burstable
Node-Selectors: beta.kubernetes.io/os=windows
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 18m default-scheduler Successfully assigned default/hello-world-56c76d8549-7248k to aksnpwin000000
Normal SandboxChanged 17m kubelet, aksnpwin000000 Pod sandbox changed, it will be killed and re-created.
Warning Failed 17m (x3 over 17m) kubelet, aksnpwin000000 Failed to pull image "pocaspnetcoreweb.azurecr.io/pocaspnetcoreweb:v1": [rpc error: code = Unknown desc = a Windows version 10.0.18362-based image is incompatible with a 10.0.17763 host, rpc error: code = Unknown desc = Error response from daemon: Get https://pocaspnetcoreweb.azurecr.io/v2/pocaspnetcoreweb/manifests/v1: unauthorized: authentication required]
Normal Pulling 16m (x4 over 17m) kubelet, aksnpwin000000 Pulling image "pocaspnetcoreweb.azurecr.io/pocaspnetcoreweb:v1"
Warning Failed 2m55s (x65 over 17m) kubelet, aksnpwin000000 Error: ImagePullBackOff
事件部分有一个带有消息的事件
Warning Failed 17m (x3 over 17m) kubelet, aksnpwin000000 Failed to pull image "pocaspnetcoreweb.azurecr.io/pocaspnetcoreweb:v1": [rpc error: code = Unknown desc = a Windows version 10.0.18362-based image is incompatible with a 10.0.17763 host, rpc error: code = Unknown desc = Error response from daemon: Get https://pocaspnetcoreweb.azurecr.io/v2/pocaspnetcoreweb/manifests/v1: unauthorized: authentication required]
该消息对我来说似乎很清楚,因为它抱怨容器和主机之间的 Windows 版本不匹配。
我的 Kubernetes 部署文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world
labels:
app: hello-world
spec:
replicas: 1
template:
metadata:
name: hello-world
labels:
app: hello-world
spec:
nodeSelector:
"beta.kubernetes.io/os": windows
containers:
- name: hello-world
image: pocaspnetcoreweb.azurecr.io/pocaspnetcoreweb:v1
resources:
limits:
cpu: 1
memory: 800m
requests:
cpu: .1
memory: 300m
ports:
- containerPort: 80
imagePullSecrets:
- name: acr-auth
selector:
matchLabels:
app: hello-world
---
apiVersion: v1
kind: Service
metadata:
name: hello-world
spec:
type: LoadBalancer
ports:
- protocol: TCP
port: 80
selector:
app: sample
如何确保容器和主机之间的 windows 版本匹配?有什么方法可以指定将在主机上使用的 Windows 版本?
【问题讨论】:
-
这个错误似乎有两个问题,一个是基础镜像版本与你的windows节点不兼容。尝试使用版本为 10.0.17763 的基础映像。另一个是从 ACR 对您的图像进行身份验证。检查一下。
-
拉取特定标签,否则它将尝试匹配您的开发工作站。所以拉
mcr.microsoft.com/dotnet/framework/samples:aspnetapp:aspnetapp-windowsservercore-ltsc2019。此外,您对 CR 的身份验证失败的错误消息投诉不是版本不匹配 -
是的,拉特定标签是问题的解决方案。同样在我正确拉出特定标签后,关于身份验证的第二个错误消失了。感谢您的帮助!
标签: azure-aks windows-container windows-server-container