Azure / azure-cli

Azure Command-Line Interface
MIT License

Azure Pipeline issue with AzureCLI Task failing when accessing Container Group #18596

Open chriscordova opened 3 years ago

chriscordova commented 3 years ago

**Describe the bug**
During the Azure Pipeline process, which contains an AzureCLI task to create a container based on a .yaml file, the task fails, producing the following error.

`ERROR: (InaccessibleImage) The image 'XXXX' in container group 'XXXXX' is not accessible. Please check the image and registry credential`

**To Reproduce**

**Expected behavior**

**Environment summary**
azure-cli 2.24.2
azure-devops 0.18.0

**Additional context**
This is the inline shell script used for the Azure CLI Task.

```
# $(password) and $(Build.BuildId) are Azure Pipelines macros, expanded before the shell runs.
# Write the registry password into the YAML in place of the "empty" placeholder.
sed -Ei "s|empty|$(password)|g" ./data-aci.yaml
# Replace the "latest" tag on line 12 with the build-specific tag.
sed -i '12s/latest/$(Build.BuildId).0.0/g' ./data-aci.yaml
az container create --resource-group XXXXXXX --file data-aci.yaml --restart-policy OnFailure
```

This is happening to all pipelines for multiple repositories connected to the same Container Registry which were all working fine this morning as we had deployed to these containers then.

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @narula0781, @ashishonce, @romil07.

Issue Details
Author: chriscordova
Assignees: -
Labels: `DevOps`, `Pipelines`, `Service Attention`
Milestone: -

yonzhan commented 3 years ago

route to service team

chriscordova commented 3 years ago

This looks to have corrected itself overnight as all pipeline deployments are working as expected this morning without any action on our end to any of our environments. Are we able to get an explanation of what may have caused this?

Wedmalm commented 1 year ago

We are having the exact same problem right now. It started last evening when our nightly runs were supposed to start. The pipeline has a retry of 10 when creating the container, but it failed each time with the above error message. This has been working every night since we created the pipeline at the beginning of June. The container is usually deployed in West Europe.

amergey commented 1 year ago

Same issue with the CLI on my side since this week:

`Failed to restart the container group 'xxxx'. Error: The image 'dependencytrack/apiserver:latest' in container group 'xxxx' is not accessible. Please check the image and registry credential.`

`dependencytrack/apiserver:latest` is a public Docker image; the container is deployed in West Europe. It was working fine for several months until now.

francisphn commented 1 year ago

We're having the same issue in australiaeast with Docker images in both ACR and other sources.

Here's what the Terraform error message looks like for us. We're obviously not using Azure CLI here, but it seems like we're running into the same problem.

```
╷
│ Error: creating Container Group (Subscription: "xxx"
│ Resource Group Name: "atlantis"
│ Container Group Name: "atlantis"): performing ContainerGroupsCreateOrUpdate: containerinstance.ContainerInstanceClient#ContainerGroupsCreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InaccessibleImage" Message="The image 'infracost/infracost-atlantis:latest' in container group 'xxx' is not accessible. Please check the image and registry credential."
│
│   with azurerm_container_group.atlantis,
│   on main.tf line 45, in resource "azurerm_container_group" "atlantis":
│   45: resource azurerm_container_group atlantis {
│
╵
```

What we've also tried without success:

amergey commented 1 year ago

It seems it comes from the fact that Azure does not support the OCI image manifest. The workaround I found is to pull the public image with the OCI manifest into ACR and create the container from ACR instead of Docker Hub.

Magnuti commented 1 year ago

I had the same issue and found out that the images were built for the linux/arm64 architecture since I built the images on my M1 Mac. Azure Container Instances only supports the linux/amd64 architecture as far as I understood. Either set `--platform` in the Azure CLI or `platform: linux/amd64` in the yaml if you use `docker-compose build -f conf.yml`.
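
A pre-deployment check for the two causes commenters report above (an OCI-format manifest and an image with no linux/amd64 build), as an added example that is not part of the thread or of azure-cli. It assumes the input is the JSON printed by `docker manifest inspect <image>`; the function name `check_manifest` and the sample data are hypothetical, and the two conditions are the commenters' findings, not behaviour verified here.

```python
import json

# Media types from the Docker and OCI image specifications.
DOCKER_TYPES = {
    "application/vnd.docker.distribution.manifest.v2+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
}
OCI_TYPES = {
    "application/vnd.oci.image.manifest.v1+json",
    "application/vnd.oci.image.index.v1+json",
}


def check_manifest(manifest_json, required="linux/amd64"):
    """Return findings for one manifest or manifest list/index (JSON text)."""
    doc = json.loads(manifest_json)
    findings = []
    media_type = doc.get("mediaType", "")
    if media_type in OCI_TYPES:
        findings.append(f"OCI media type: {media_type}")
    elif media_type not in DOCKER_TYPES:
        findings.append(f"unrecognised media type: {media_type!r}")
    entries = doc.get("manifests")
    if entries is None:
        # A single-image manifest has no platform field; the architecture is
        # recorded in the image config, so it cannot be judged from this input.
        findings.append("single manifest: platform not stated here")
        return findings
    platforms = set()
    for entry in entries:
        p = entry.get("platform", {})
        name = f"{p.get('os', 'unknown')}/{p.get('architecture', 'unknown')}"
        if name != "unknown/unknown":  # attestation entries carry no real platform
            platforms.add(name)
    if required not in platforms:
        findings.append(f"no {required} entry; found {sorted(platforms)}")
    return findings


# Constructed sample: OCI index, one linux/arm64 image + one attestation entry.
SAMPLE_ARM64_INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [
        {"platform": {"architecture": "arm64", "os": "linux"}},
        {"platform": {"architecture": "unknown", "os": "unknown"}},
    ],
})
print(check_manifest(SAMPLE_ARM64_INDEX))
```

An empty list means neither condition was found; a pipeline step can fail the build on any finding before `az container create` runs.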