TechQA.

Kubernetes pod gives image pull error despite docker login to ACR

306 views Asked by At

I have an AKS deployed in Azure and my pod is not able to pull the images from the ACR, the error is ImagePullBackOff, The error is failed to resolve reference "//:": failed to authorize: failed to fetch anonymous token: unexpected status from GET request to https://riotintoazureregistry.azurecr.io/oauth2/token?scope=repository%3A%3Apull&service=reponame.azurecr.io: 401 Unauthorized

I have tried to do az login, docker login and az acr login from my mac, but this still fails.

azure-aks acr
Original Q&A
1

There are 1 answers

0
Arko On BEST ANSWER

Your error indicates an issue with authorization when attempting to pull images from your Azure Container Registry (ACR) Below are few basic checks that you must verify from your end.

  1. Ensure that you have logged into your ACR
  2. Make sure you are using the complete ACR path - .azurecr.io/:
  3. Ensure that there are no network policies or firewall rules preventing your AKS cluster from accessing the ACR.

In-order to push an image to your ACR and then deploy the same to your AKS cluster without any error follow the below steps-:

Obviously you will need an ACR and an AKS cluster , so create one using portal or CLI

az acr create -n <your-prefered-ACR-name> -g <your-resource-group> --sku basic

az aks create -n <your-prefered-AKS-name> -g <your-resource-group> --generate-ssh-keys --attach-acr <the-acr-name-which-you-created-above> #this attaches your acr with your aks Output: enter image description here

Once these two things are ready. you can verify the same from portal under your resource group tab:

ACR AKS cluster

Now time to import an image inside the ACR: Example:

az acr import  -n <the-ACR-name> --source docker.io/library/nginx:latest --image nginx:v1

or docker pull <your-ACR-name>.azurecr.io/samples/nginx and then tag and push

docker tag mcr.microsoft.com/samples/nginx <your-ACR-name>.azurecr.io/nginx

docker push <your-ACR-name>.azurecr.io/nginx

output:

enter image description here

Now will deploy the same image on the AKS cluster with 2 replicas: verify your aks creds:

az aks get-credentials -g <your-resource-group> -n <your-aks-cluster-name>

Now that you are connected to the cluster, verified the nodes are up and no pods are available at present: enter image description here

Now I will deploy 2 replicas of this nginx image present in my ACR. For this I will create a yaml file called asen-nginx.yaml and modify the parameters accordingly

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx0-deployment
  labels:
    app: nginx0-deployment
spec:
  replicas: 2 #your choice of replica
  selector:
    matchLabels:
      app: nginx0
  template:
    metadata:
      labels:
        app: nginx0
    spec:
      containers:
      - name: nginx
        image: <your-acr-name>.azurecr.io/nginx:v1 
        ports:
        - containerPort: 80

enter image description here

and apply the same:

kubectl apply -f <whatever-file-name-you-gave>.yaml

enter image description here

Now when you do kubectl get pods, your pods are running without any image pull error: enter image description here

Reference document:

MS Doc

MS tutorial to deploy app from acr to aks

MS troubleshooting steps for can't pull images from acr to aks

Related Questions in AZURE-AKS

Related Questions in ACR

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions