Docker无法从Azure App Service中提取图像

问题描述 投票:0回答:1

App Service上的容器设置本身看起来很牢固:enter image description here

但是日志窗格显示错误:

enter image description here

2020-02-11 06:31:40.621 ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2020-02-11 06:31:41.240 INFO  - Stoping site app505-dfpg-qa2-web-eastus2-gateway-apsvc because it failed during startup.
2020-02-11 06:36:05.546 INFO  - Starting container for site
2020-02-11 06:36:05.551 INFO  - docker run -d -p 9621:8081 --name app505-dfpg-qa2-web-eastus2-gateway-apsvc_0_a9c8277e_msiProxy -e WEBSITE_SITE_NAME=app505-dfpg-qa2-web-eastus2-gateway-apsvc -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=app505-dfpg-qa2-web-eastus2-gateway-apsvc.azurewebsites.net -e WEBSITE_INSTANCE_ID=7d18d5957d129d3dc3a25d7a2c85147ef57f1a6b93910c50eb850417ab59dc56 appsvc/msitokenservice:1904260237  

2020-02-11 06:36:05.552 INFO  - Logging is not enabled for this container.
Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here.
2020-02-11 06:36:17.766 INFO  - Pulling image: a...cr/gateway:1.0.20042.2
2020-02-11 06:36:17.922 ERROR - DockerApiException: Docker API responded with status code=NotFound, response={"message":"pull access denied for a...cr/gateway, repository does not exist or may require 'docker login': denied: requested access to the resource is denied"}

2020-02-11 06:36:17.923 ERROR - Pulling docker image a...cr/gateway:1.0.20042.2 failed:
2020-02-11 06:36:17.923 INFO  - Pulling image from Docker hub: a...cr/gateway:1.0.20042.2
2020-02-11 06:36:18.092 ERROR - DockerApiException: Docker API responded with status code=NotFound, response={"message":"pull access denied for a...cr/gateway, repository does not exist or may require 'docker login': denied: requested access to the resource is denied"}

2020-02-11 06:36:18.094 ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2020-02-11 06:36:19.062 INFO  - Stoping site app505-dfpg-qa2-web-eastus2-gateway-apsvc because it failed during startup.

用于部署App Service的服务主体对容器注册表的父资源组具有AcrPush访问权限:enter image description here

存在该设置:

enter image description here

我使用该服务主体进行了az login,然后尝试了对注册表的az acr login。它工作正常。那我在这里想念什么?

编辑1

我知道凭据是正确的,因为我像这样测试它们:enter image description here

我刚刚从应用程序服务配置中复制值并粘贴到控制台的位置。 docker登录没有问题。

必须是其他东西。

编辑2

但是,我也得到这个:

C:\Dayforce\fintech [shelve/terraform ≡]> docker pull a...r/gateway
Using default tag: latest
Error response from daemon: pull access denied for a...r/gateway, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

所以,我可以登录,但不能拉。非常奇怪,因为该帐户被配置为对包含AcrPush的容器具有AcrPull访问权限:enter image description here

编辑3

当使用FQDN进行注册表时,我能够成功提取:enter image description here

我更新了管道,但是仍然出现相同的错误:

2020-02-11 16:03:50.227 ERROR - Pulling docker image a...r.azurecr.io/gateway:1.0.20042.2 failed:
2020-02-11 16:03:50.228 INFO  - Pulling image from Docker hub: a...r.azurecr.io/gateway:1.0.20042.2
2020-02-11 16:03:50.266 ERROR - DockerApiException: Docker API responded with status code=InternalServerError, response={"message":"Get https://a...r.azurecr.io/v2/gateway/manifests/1.0.20042.2: unauthorized: authentication required"}

2020-02-11 16:03:50.269 ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2020-02-11 16:03:50.853 INFO  - Stoping site app505-dfpg-qa2-web-eastus2-gateway-apsvc because it failed during startup.

编辑4

我发现工作的唯一方法是在ACR上启用管理员用户,并在DOCKER _...变量中传递其凭据,而不是服务主体的凭据。

这很令人沮丧,我知道服务主体可以在本地运行时登录并提取,这是一个谜,为什么它不适用于在App Service主机上运行的Docker。我们这里还有另一个团队面临同样的问题,他们还没有找到任何解决方案,但是启用了管理员用户。

azure docker azure-web-app-service
1个回答
0
投票

从我得到的谈话信息中,让我解决您对该错误的困惑。

© www.soinside.com 2019 - 2024. All rights reserved.