I have an issue with the AKS, Kubernetes cannot pull the image from the ACR, It show the message "unauthorized: authentication required" I already set permissions on the ACR to the AKS Service Principal. It had worked fine until today when I proced to update the pod with a new container from the ACR.
According to the message you provided, the possible reason that I can think of is the Authorization expiry. You can take a check for your service principal if it's Authorization expiry.
Other than this, I recommend you can also check if all other things are OK, the authentication with ACR for AKS here. This can avoid the wrong action.
The SP already has authorization to pull images from the ACR.
I followed the post here and now the AKS is able to pull images from ACR. When I created the AKS its SP didn't have secrets nor certificates setted, but it had working fine since 12 months ago, suddenly AKS now needs to have a secret in its SP to authenticate over the ACR.
Thanks...
using this workaround it did the job:
az role assignment create --assignee <servicePrincipalID> --scope <registryID> --role acrpull