I could use some help with Azure AKS and ACR Integration. I create a ACR container and attach this container to the AKS cluster. I enable managed identity when creating AKS and I was hoping that ACR also uses managed identity

Here is the script I am using..

az group create --name $RESOURCEGROUP --location eastus
az acr create -n $REGISTRYNAME -g $RESOURCEGROUP --sku Basic
az aks create -n $CLUSTERNAME -g $RESOURCEGROUP --node-count $NODECOUNT --enable-addons monitoring --generate-ssh-keys --enable-managed-identity --attach-acr $REGISTRYNAME
az aks get-credentials -g $RESOURCEGROUP -n $CLUSTERNAME

On AKS, when I get pods, I have a Image Pull error

I see that AKS is using managed identity and ACR is using a Principal ID. How do I fix this issue

CodePudding user response：

Getting the simillar issue once i tried with same cmdlet which you given.

you need to try setting imagePullPolicy to Never and it just worked.

As kubectl describe pod mypd, Kubectl was trying to pull the image, and of course this image doesn't exis on remote server, hence the failure.

Above property will avoid connecting to registry and will use image from docker local images cache.

For Working with ACR & AKS

Import an image into your ACR Import an image from docker hub into your ACR by running the following:

az acr import  -n <acr-name> --source docker.io/library/nginx:latest --image nginx:v1

Would suggest to you follow this Microsoft document Deploy the sample image from ACR to AKS

spec:
      containers:
      - name: nginx
        image: <acr-name>.azurecr.io/nginx:v1
        imagePullPolicy: Never
        ports:
        - containerPort: 80

Refernce : Why am I getting an ErrImagePull error in this Kubernetes deployment?

CodePudding user response：

The ErrImageNeverPull error suggests that your pod spec lists imagePullPolicy: Never, meaning that the kubelet will only look in the node's own cache and not try to pull from ACR. If you remove that, it should work.