GKE problem when running cronjob by pulling image from Artifact Registry-CodePudding

I created a cronjob with the following spec in GKE:

# cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: collect-data-cj-111
spec:
  schedule: "*/5 * * * *"
  concurrencyPolicy: Allow
  startingDeadlineSeconds: 100
  suspend: false
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: collect-data-cj-111
            image: collect_data:1.3
          restartPolicy: OnFailure

I create the cronjob with the following command:

kubectl apply -f collect_data.yaml

When I later watch if it is running or not (as I scheduled it to run every 5th minute for for the sake of testing), here is what I see:

$ kubectl get pods --watch
NAME                                 READY   STATUS              RESTARTS   AGE
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   0/1     Pending             0          0s
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   0/1     Pending             0          1s
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   0/1     ContainerCreating   0          1s
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   0/1     ErrImagePull        0          3s
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   0/1     ImagePullBackOff    0          17s
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   0/1     ErrImagePull        0          30s
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   0/1     ImagePullBackOff    0          44s

It does not seem to be able to pull the image from Artifact Registry. I have both GKE and Artifact Registry created under the same project.

What can be the reason? After spending several hours in docs, I still could not make progress and I am quite new in the world of GKE.

If you happen to recommend me to check anything, I really appreciate if you also describe where in GCP I should check/control your recommendation.

ADDENDUM:

When I run the following command:

kubectl describe pods

The output is quite large but I guess the following message should indicate the problem.

    Failed to pull image "collect_data:1.3": rpc error: code = Unknown 
desc = failed to pull and unpack image "docker.io/library/collect_data:1.3":
 failed to resolve reference "docker.io/library/collect_data:1.3": pull 
access denied, repository does not exist or may require authorization: 
server message: insufficient_scope: authorization failed

How do I solve this problem step by step?

CodePudding user response：

From the error shared, I can tell that the image is not being pulled from Artifact Registry, and the reason for failure is because, by default, GKE pulls it directly from Docker Hub unless specified otherwise. Since there is no collect_data image there, hence the error.

The correct way to specify an image stored in Artifact Registry is as follows:

image: <location>-docker.pkg.dev/<project>/<repo-name>/<image-name:tag>

Be aware that the registry format has to be set to "docker" if you are using a docker-containerized image.

Take a look at the Quickstart for Docker guide, where it is specified how to pull and push docker images to Artifact Registry along with the permissions required.