If your POD is in Waiting state on your EKS cluster, and you have checked the logs of POD and determine that the container in the Waiting state is scheduled on a worker node (for example, an EC2 instance), but can't run on that node, then its time to check if you are pulling right docker image from right repository or not.
So the first step is to make sure that the image and repository name is correct by logging into Amazon Elastic Container Registry (Amazon ECR), or another container image repository as per your use case. Then compare the repository or image from the repository with the repository or image name specified in the pod specification.
Login to your worker node in EKS, and run following command to make sure that you can successfully pull the image on your node:
docker pull nginx:latest
If you're using Amazon ECR, then verify that the repository policy allows image pull for the NodeInstanceRole. Or, verify that the AmazonEC2ContainerRegistryReadOnly role is attached to the policy. If this is not the case then you might be getting following error when you describe the pod:
Failed to pull image "nginx": rpc error: code = Unknown desc = Error response from daemon: pull access denied for nginx, repository does not exist or may require 'docker login'
No comments:
Post a Comment