Hi,
I’ve created a GKE cluster using the terraform module. I’ve given the service account the required permissions and I verified the artifact registry image url but my deployment keeps failing with ImagePullBackOff error.
I used a public GCP image without issue.
What am I missing?
Thanks
Which permission(s) did you grant to the node service account? And is Artifact Registry is the same project or in a different project?
Hi,
It’s all in the same project and the SA has artifactory reader and storage wiewer
Could you post some details of your deployment by K8S CLI? (kubectl describe deployment <deployment_name>)
Thanks 
I solved it by linking SA to Workload Identity.
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Hi,
I continued to try to solve the issue and I created a new node pool for ARM64 workloads. The original image was built for arm arch.
Here you have the deployment description (removed envs):
Name: sdk-virtual-pet
Namespace: sdk-apps
CreationTimestamp: Sun, 03 Sep 2023 18:18:39 +0000
Labels:
Annotations: deployment.kubernetes.io/revision: 3
Selector: app=sdk-virtual-pet-app
Replicas: 1 desired | 1 updated | 1 total | 0 available | 1 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=sdk-virtual-pet-app
Containers:
sdk-virtual-pet:
Image: us-west1-docker.pkg.dev/topia-gcp/sdk-apps/sdk-virtual-pet
Port: 3000/TCP
Host Port: 0/TCP
Environment:
Mounts:
Volumes:
Conditions:
Type Status Reason
Progressing True NewReplicaSetAvailable
Available False MinimumReplicasUnavailable
OldReplicaSets: sdk-virtual-pet-68784fdddc (0/0 replicas created), sdk-virtual-pet-56775fb76 (0/0 replicas created)
NewReplicaSet: sdk-virtual-pet-6b84595958 (1/1 replicas created)
Events:
Type Reason Age From Message
Normal ScalingReplicaSet 56m (x2 over 9h) deployment-controller Scaled up replica set sdk-virtual-pet-56775fb76 to 1 from 0
Normal ScalingReplicaSet 23m (x2 over 57m) deployment-controller Scaled down replica set sdk-virtual-pet-56775fb76 to 0 from 1
Normal ScalingReplicaSet 22m deployment-controller Scaled up replica set sdk-virtual-pet-6b84595958 to 1 from 0
I kept trying to get the gke cluster to deploy an ARM image but it always fails.
I have an ARM64 node pool with the taint :
Taints
NoSchedulekubernetes.io/arch=arm64
I added the nodeselector to tolerate that taint:
nodeSelector:
kubernetes.io/arch: arm64
and I still get this error:
Cannot schedule pods: Preemption is not helpful for scheduling.
reason: {
messageId: “no.scale.up.mig.failing.predicate”
parameters: [
0: “TaintToleration”
1: “node(s) had untolerated taint {kubernetes.io/arch: arm64}”
If I remove the node_selector, I get the error that the node has taints, if I added, I get the error that there are no nodes with the taint.
This is taking me too many days and I can’t get rid of the errors. Can someone help me understand what can be wrong?
Here are the definitions:
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: “7”
creationTimestamp: “2023-09-03T18:18:39Z”
generation: 22
managedFields:
kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
gke-topia-gke-arm-node-pool-044e9d2e-lwdk Ready 12d v1.27.3-gke.100 arch=arm,beta.kubernetes.io/arch=arm64,beta.kubernetes.io/instance-type=t2a-standard-2,beta.kubernetes.io/os=linux,cloud.google.com/gke-boot-disk=pd-standard,cloud.google.com/gke-container-runtime=containerd,cloud.google.com/gke-cpu-scaling-level=2,cloud.google.com/gke-logging-variant=DEFAULT,cloud.google.com/gke-max-pods-per-node=110,cloud.google.com/gke-netd-ready=true,cloud.google.com/gke-nodepool=arm-node-pool,cloud.google.com/gke-os-distribution=cos,cloud.google.com/gke-provisioning=standard,cloud.google.com/gke-stack-type=IPV4,cloud.google.com/machine-family=t2a,cloud.google.com/private-node=false,cluster_name=topia-gke,default-node-pool=true,failure-domain.beta.kubernetes.io/region=us-central1,failure-domain.beta.kubernetes.io/zone=us-central1-b,iam.gke.io/gke-metadata-server-enabled=true,kubernetes.io/arch=arm64,kubernetes.io/hostname=gke-topia-gke-arm-node-pool-044e9d2e-lwdk,kubernetes.io/os=linux,node.kubernetes.io/instance-type=t2a-standard-2,node_pool=arm-node-pool,topology.gke.io/zone=us-central1-b,topology.kubernetes.io/region=us-central1,topology.kubernetes.io/zone=us-central1-b
gke-topia-gke-arm-node-pool-b1c1fb22-prrs Ready 12d v1.27.3-gke.100 arch=arm,beta.kubernetes.io/arch=arm64,beta.kubernetes.io/instance-type=t2a-standard-2,beta.kubernetes.io/os=linux,cloud.google.com/gke-boot-disk=pd-standard,cloud.google.com/gke-container-runtime=containerd,cloud.google.com/gke-cpu-scaling-level=2,cloud.google.com/gke-logging-variant=DEFAULT,cloud.google.com/gke-max-pods-per-node=110,cloud.google.com/gke-netd-ready=true,cloud.google.com/gke-nodepool=arm-node-pool,cloud.google.com/gke-os-distribution=cos,cloud.google.com/gke-provisioning=standard,cloud.google.com/gke-stack-type=IPV4,cloud.google.com/machine-family=t2a,cloud.google.com/private-node=false,cluster_name=topia-gke,default-node-pool=true,failure-domain.beta.kubernetes.io/region=us-central1,failure-domain.beta.kubernetes.io/zone=us-central1-a,iam.gke.io/gke-metadata-server-enabled=true,kubernetes.io/arch=arm64,kubernetes.io/hostname=gke-topia-gke-arm-node-pool-b1c1fb22-prrs,kubernetes.io/os=linux,node.kubernetes.io/instance-type=t2a-standard-2,node_pool=arm-node-pool,topology.gke.io/zone=us-central1-a,topology.kubernetes.io/region=us-central1,topology.kubernetes.io/zone=us-central1-a