github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
49670bee1817e885ce217e80d93d010e7bb631be
kubernetes/pkg
History
Kubernetes Submit Queue 49670bee18 Merge pull request #66429 from andyzhangx/acr-sp-fix 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

fix acr could not be listed in sp issue

**What this PR does / why we need it**:
after granting sp access to azure ACR , pull image from ACR would fail, and after wait about 15-30min(or restart kubelet directly), pull image would succeed. Root cause is that `servicePrincipalToken` needs to be refreshed when doing `registryClient.List`, otherwise it will always return empty registry list. Pull image error would be like following:
```
Events:
  Type     Reason                 Age              From                               Message
  ----     ------                 ----             ----                               -------
  Warning  FailedScheduling       8m (x3 over 8m)  default-scheduler                  0/1 nodes are available: 1 Insufficient cpu.
  Normal   Scheduled              8m               default-scheduler                  Successfully assigned nginx-server-776564f79c-zhtjk to aks-nodepool1-20881069-0
  Normal   SuccessfulMountVolume  8m               kubelet, aks-nodepool1-20881069-0  MountVolume.SetUp succeeded for volume "default-token-4t7tk"
  Normal   SuccessfulMountVolume  8m               kubelet, aks-nodepool1-20881069-0  MountVolume.SetUp succeeded for volume "pvc-5c1f0521-739f-11e8-9b69-0a58ac1f09c2"
  Warning  Failed                 8m (x5 over 8m)  kubelet, aks-nodepool1-20881069-0  Error: ImagePullBackOff
  Normal   BackOff                8m (x5 over 8m)  kubelet, aks-nodepool1-20881069-0  Back-off pulling image "andyacr.azurecr.io/nginx-server:1.0.0"
  Warning  Failed                 8m (x2 over 8m)  kubelet, aks-nodepool1-20881069-0  Error: ErrImagePull
  Warning  Failed                 8m (x2 over 8m)  kubelet, aks-nodepool1-20881069-0  Failed to pull image "andyacr.azurecr.io/nginx-server:1.0.0": rpc error: code = Unknown desc = Error response from daemon: Get https://andyacr.azurecr.io/v2/nginx-server/manifests/1.0.0: unauthorized: authentication required
```

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #65225

**Special notes for your reviewer**:
After discuss with dong, `registryClient.List` won't be necessary, instead we return `{"*.azurecr.io", "*.azurecr.cn", "*.azurecr.de", "*.azurecr.us"}` like aws, gce code logic, it will do the url matching.
I will cherry pick this PR to all supported version, every version has this issue.

**Release note**:

```
fix acr could not be listed in sp issue
```

/sig azure
/assign @feiskyer @khenidak @brendandburns @karataliu
2018-07-22 21:18:26 -07:00
..
api
Make conversion function names match expected values
2018-07-17 23:02:16 -04:00
apis
Merge pull request #65771 from smarterclayton/untyped
2018-07-19 09:29:00 -07:00
auth
Improve multi-authorizer errors
2018-07-06 10:55:17 -04:00
capabilities
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
client
clean up node expansion
2018-07-10 11:01:15 +08:00
cloudprovider
Merge pull request #66400 from nicksardo/fix-err-code
2018-07-20 05:30:12 -07:00
controller
Merge pull request #66389 from bertinatto/metrics_pv_controller
2018-07-20 05:30:09 -07:00
credentialprovider
fix acr sp access issue
2018-07-20 08:39:31 +00:00
features
dry-run: Create feature-gate flag
2018-07-20 11:40:06 -07:00
fieldpath
fieldpath: Add tests for missing cases
2018-07-12 10:26:18 +02:00
generated
Merge pull request #65737 from roycaihw/api-linter
2018-07-13 18:00:00 -07:00
kubeapiserver
kube-apiserver: disallow --secure-port 0
2018-07-09 14:03:08 +02:00
kubectl
Merge pull request #66398 from deads2k/cli-04-make-logs-generic-again
2018-07-20 18:51:05 -07:00
kubelet
Merge pull request #65660 from mtaufen/incremental-refactor-kubelet-node-status
2018-07-20 12:12:24 -07:00
kubemark
Remove unused io util writer & volume host GetWriter()
2018-07-09 14:09:48 -07:00
master
generated
2018-07-13 11:41:09 -04:00
printers
tolerate missing column headers in server-side print output
2018-07-19 20:55:01 -04:00
probe
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
proxy
generated: Avoid use of reflect.Call in conversion code paths
2018-07-17 23:02:16 -04:00
quota
Merge pull request #65572 from yue9944882/fixes-admission-operation-mismatch-for-create-on-update
2018-07-19 10:42:54 -07:00
registry
Send correct headers for pod printing
2018-07-19 20:55:00 -04:00
routes
Remove /ui/ redirect
2018-02-12 10:54:33 -05:00
scheduler
Merge pull request #63665 from xchapter7x/pkg-scheduler-core
2018-07-21 01:52:30 -07:00
security
Cleanup & fix PodSecurityPolicy field path usage
2018-07-18 17:47:32 -07:00
securitycontext
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
serviceaccount
fix a nit error in log
2018-06-27 14:21:27 +08:00
ssh
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
util
Merge pull request #65594 from liggitt/node-csr-addresses-2
2018-07-11 22:25:07 -07:00
version
Set gazelle:importmap_prefix for everything under staging/src
2018-06-22 16:22:57 -07:00
volume
Merge pull request #65660 from mtaufen/incremental-refactor-kubelet-node-status
2018-07-20 12:12:24 -07:00
watch/json
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
windows/service
Update to gazelle 0.12.0 and run hack/update-bazel.sh
2018-06-22 16:22:18 -07:00
.import-restrictions
BUILD
Autogenerated stuff
2018-06-27 13:31:10 +02:00
OWNERS