Back-off pulling image "XYZ/customer-management/dev/72-kubernetes-setup:XYZ"

7/30/2019

I am trying to automate build and deployment using gitlab CI. for this,i have added few steps like build, test, quality checks, review&deployment. Currently i am facing an issue on deployment, i am creating the docker image and pushing those images into the azure container registry and from there i'm trying to deploy on azure kubernetes by using helm. also i added ingress on the same. but due to some issue docker image is not able to pull the image on kubernetes and throwing below error- enter image description here and my gitlab ci pipeline getting success. enter image description here This is my deployment function which is written in .gitlab-ci.yml file- enter image description here

-- Pavan
azure-aks
azure-kubernetes
gitlab-ci
gitlab-ci-runner
kubernetes

1 Answer

7/30/2019

you need to grant AKS service principal ACRPull permission. that will allow it to silently auth to the ACR without you doing anything (you dont even need to create a docker secret in kubernetes).

AKS_RESOURCE_GROUP=myAKSResourceGroup
AKS_CLUSTER_NAME=myAKSCluster
ACR_RESOURCE_GROUP=myACRResourceGroup
ACR_NAME=myACRRegistry

# Get the id of the service principal configured for AKS
CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)

# Get the ACR registry resource id
ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)

# Create role assignment
az role assignment create --assignee $CLIENT_ID --role acrpull --scope $ACR_ID

https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-auth-aks

-- 4c74356b41
Source: StackOverflow