I have a github workflow pipeline that builds and deploys an image to Azure Kubernetes Cluster.
The workflow runs and shows that the build and deploy is successful but when I expand the steps in the deploy build job I get this error at the level of the Deploys application sub-job
/usr/bin/docker pull restauappacr.azurecr.io/restau-app:ea4db1550f01e9e6b34b0499bfe2b6355d39fcee
Error response from daemon: Head "https://restauappacr.azurecr.io/v2/restau-app/manifests/ea4db1550f01e9e6b34b0499bfe2b6355d39fcee": unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
Warning: Failed to get dockerfile path for image restauappacr.azurecr.io/restau-app:ea4db1550f01e9e6b34b0499bfe2b6355d39fcee: Error: The process '/usr/bin/docker' failed with exit code 1
/usr/local/bin/kubectl get namespace/aks-workflow -o json --namespace aks-workflow
My Django app actually runs locally and I succeeded in building its image and deploying to my azure AKS cluster of which I am able to access the application via the IP address of the load balancer service in a browser.
After deploying this app to my AKS cluster locally, I now decided to push the app to a Github repository and enable automated deployments using Azure AKS Automated Deployments such that whenever I make a commit the Github workflows job generated by Azure actually triggers and the build and deploy jobs begin to run.
Both jobs actually run successfully but when I expand the steps in the deploy build job to monitor the steps I notice this error and warning.
Trying to access the app from the IP address of the apps load balancer service in the browser it shows the connection has timed out.
** YOU MIGHT FIND THIS HELPFUL**
- MY DOCKER FILE (Dockerfile)
# Use the official Python image from the Docker Hub
FROM python:3.11-slim
# Make a new directory to put our code in.
RUN mkdir /code
# Change the working directory.
WORKDIR /code
# Copy to code folder
COPY . /code/
# Install the requirements.
RUN pip install --no-cache-dir -r requirements.txt
# Run the application:
CMD python manage.py runserver 0.0.0.0:8000
- MY MANIFEST FILE (restauapp.yaml)
apiVersion: apps/v1
kind: Deployment
metadata:
name: restau-app
spec:
replicas: 1
selector:
matchLabels:
app: restau-app
template:
metadata:
labels:
app: restau-app
spec:
containers:
- name: restau-app
image: restauappacr.azurecr.io/restau-app:v2
ports:
- containerPort: 8000
env:
- name: DATABASE_HOST
value: "***"
- name: DATABASE_USER
value: "***"
- name: DATABASE_PASSWORD
value: "***"
- name: DATABASE_NAME
value: "***"
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- restau-app
topologyKey: "kubernetes.io/hostname"
---
apiVersion: v1
kind: Service
metadata:
name: restau-app-alb
spec:
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 8000
selector:
app: restau-app
- WORKFLOW FILE (newapp-workflow.yaml)
name: newapp-workflow
"on":
push:
branches:
- main-v2
workflow_dispatch: {}
env:
ACR_RESOURCE_GROUP: project1-rg
AZURE_CONTAINER_REGISTRY: restauappacr
CLUSTER_NAME: newapp-cluster
CLUSTER_RESOURCE_GROUP: newapp-cluster_group_1687195213832
CONTAINER_NAME: restau-app
DEPLOYMENT_MANIFEST_PATH: |
./restauapp.yaml
jobs:
buildImage:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
name: Azure login
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- name: Build and push image to ACR
run: az acr build --image ${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.ACR_RESOURCE_GROUP }} -f ./Dockerfile ./
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs:
- buildImage
steps:
- uses: actions/checkout@v3
- uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
name: Azure login
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
- uses: azure/use-kubelogin@v1
name: Set up kubelogin for non-interactive login
with:
kubelogin-version: v0.0.25
- uses: azure/aks-set-context@v3
name: Get K8s context
with:
admin: "false"
cluster-name: ${{ env.CLUSTER_NAME }}
resource-group: ${{ env.CLUSTER_RESOURCE_GROUP }}
use-kubelogin: "true"
- uses: Azure/k8s-deploy@v4
name: Deploys application
with:
action: deploy
images: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
namespace: newapp-workflow
- PROJECT FOLDER STRUCTURE
- ROLE ASSIGNMENTS IN MY CLUSTER
- ROLE ASSIGNMENTS IN MY CONTAINER REGISTRY
