I am setting up Airflow 2.7.2 on a K8 cluster with the Kubernetes executor, where I am using the AIRFLOW__KUBERNETES__IMAGE_PULL_SECRETS env variable to assign the secret. For the node it works and can pull images from a private registry such as Azure ACR, but worker pods that get launched from the DAG do not work; they get terminated. The task stays queued and never runs. I also tried the pod_template method, but that also does not work. Any ideas?
I also tried assigning a service account which has access to pods, deployments, secrets, configmaps, etc. I assigned the value using AIRFLOW__KUBERNETES__WORKER_SERVICE_ACCOUNT_NAME, but it does not help.
Error from pod log:
Failed to pull image "<>.azurecr.io/<>:latest": rpc error:
code = Unknown desc = failed to pull and unpack image
"<>.azurecr.io/<>:latest": failed to resolve reference
"<>.azurecr.io/<>:latest": failed to authorize: failed to
fetch anonymous token: unexpected status from GET request to
https://<>.azurecr.io/oauth2/token?scope=repository..
401 Unauthorized
I cannot create azurerm_role_assignment at the moment, since I do not have Azure owner access. So I have to rely on image pull secrets.