How to pull ACR image from k3s pods

7/12/2021

I have customized the coredns image and pushed it to my azure container registry (ACR). <br/>Now in default coredns pod that is coming after k3s installation, I want to use my_azure_acr_repo/proj/customize-coredns:latest image instead of rancher/coredns-coredns:1.8.3. So I edited the coredns deployment kubectl edit deploy coredns -n kube-system and replaced my acr image with rancher one. But now coredns pod is not able to pull my acr image and giving error in pod description:

Failed to pull image "my_azure_acr_repo/proj/customize-coredns:latest": rpc error:
code = Unknown desc = failed to pull and unpack image "my_azure_acr_repo/proj/customize-coredns:latest": 
failed to resolve reference "my_azure_acr_repo/proj/customize-coredns:latest": failed to 
authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized

How can I authenticate acr image, so that pod should pull it ?

-- solveit
azure-container-registry
coredns
kubernetes
kubernetes-pod

1 Answer

7/12/2021

That's because your container is not authorized to pull image from your private ACR.

First you've to create secret so that you can access your ACR, then pass that secret in your deployment using imagePullSecrets

you can create secret by this command, make sure to replace your credential variables

kubectl create secret docker-registry <name> --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

For ACR it will be something like this

kubectl create secret docker-registry regkey --docker-server=https://myregistry.azurecr.io --docker-username=ACR_USERNAME --docker-password=ACR_PASSWORD --docker-email=ANY_EMAIL_ADDRESS

your deployment spec

spec:
  containers:
    - name: foo
      image: janedoe/awesomeapp:v1
  imagePullSecrets:
    - name: regkey

More info related to this.

https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod

-- Mohsin Amjad
Source: StackOverflow