AKS has an issue pulling a container image from the ACR

9/17/2019

I have an issue with AKS: Kubernetes cannot pull the image from the ACR. It shows the message "unauthorized: authentication required". I already set permissions on the ACR for the AKS Service Principal. It had worked fine until today, when I proceeded to update the pod with a new container from the ACR.

-- Jesús A. Odreman
azure
azure-container-registry
azure-container-service
azure-kubernetes

3 Answers

9/18/2019

According to the message you provided, the possible reason that I can think of is authorization expiry. You can check whether your service principal's authorization has expired.

Other than this, I recommend you also check whether everything else is OK with the authentication with ACR for AKS here. This can avoid the wrong action.

-- Charles Xu
Source: StackOverflow

9/19/2019

The SP already has authorization to pull images from the ACR.

I followed the post here and now the AKS is able to pull images from ACR. When I created the AKS, its SP didn't have any secrets or certificates set, but it had been working fine since 12 months ago; suddenly AKS now needs to have a secret in its SP to authenticate against the ACR.

Thanks...

-- Jesús A. Odreman
Source: StackOverflow

1/3/2020

Using this workaround did the job:

az role assignment create --assignee <servicePrincipalID> --scope <registryID> --role acrpull

-- Volodymyr
Source: StackOverflow
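
An added example, not part of any answer above: a small Python check that flags the three conditions raised in this thread (a service principal with no secret, one whose secrets have all expired, and a missing pull role on the registry) from the JSON printed by `az ad sp credential list --id <servicePrincipalID>` and `az role assignment list --assignee <servicePrincipalID> --all`. The JSON field names, the set of roles treated as granting pull, and all sample values are assumptions constructed for the example.

```python
import json
from datetime import datetime, timezone

# Roles treated as granting image pull (assumption; the page only names acrpull).
PULL_ROLES = {"acrpull", "acrpush", "contributor", "owner"}

# Constructed sample data, shaped like `az ... -o json` output (field names assumed).
REGISTRY_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
               "rg-demo/providers/Microsoft.ContainerRegistry/registries/demoacr")
SAMPLE_CREDS = '[{"keyId": "constructed-key", "endDateTime": "2019-09-01T00:00:00Z"}]'
SAMPLE_ROLES = json.dumps([{"roleDefinitionName": "AcrPull", "scope": REGISTRY_ID}])

def _parse_time(value):
    # Accept a trailing "Z" and treat timestamps without an offset as UTC.
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def diagnose(credentials_json, assignments_json, registry_id, now=None):
    """Return the likely causes of 'unauthorized: authentication required'."""
    now = now or datetime.now(timezone.utc)
    findings = []
    creds = json.loads(credentials_json)
    # End date is "endDateTime" in current CLI output, "endDate" in older releases.
    ends = [_parse_time(e) for c in creds
            if (e := c.get("endDateTime") or c.get("endDate"))]
    if not creds:
        findings.append("no-credential")       # SP has no secret or certificate
    elif ends and all(end <= now for end in ends):
        findings.append("credential-expired")  # every secret is past its end date
    registry = registry_id.lower().rstrip("/")

    def covers(scope):
        # A role assigned on the registry or any parent scope applies to it.
        scope = scope.lower().rstrip("/")
        return registry == scope or registry.startswith(scope + "/")

    if not any(a.get("roleDefinitionName", "").lower() in PULL_ROLES
               and covers(a.get("scope", ""))
               for a in json.loads(assignments_json)):
        findings.append("no-pull-role")        # the case the acrpull assignment fixes
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_CREDS, SAMPLE_ROLES, REGISTRY_ID))
```

An empty result means none of the three conditions was found and the cause lies elsewhere.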