AKS. Can't pull image from an acr
The "old" way with AKS was to do create secret
as you mentioned. That is no longer recommended.
The "new" way is to attach the container registry. This article explains the "new" way to attach ACR, and also provides a link to the old way to clear up confusion. When you create your cluster, attach with:
az aks create -n myAKSCluster -g myResourceGroup --attach-acr $MYACR
Or if you've already created your cluster, update it with:
az aks update -n myAKSCluster -g myResourceGroup --attach-acr $MYACR
Notes:
$MYACR
is just the name of your registry without the.azurecr.io
. Ex:MYACR=foobar
notMYACR=foobar.azurecr.io
.After you attach your ACR, it will take a few minutes for the
ImagePullBackOff
to transition toRunning
.
This looks good to me as well. That said, the recommendation is not to use the admin account, rather a service principle. With the SP you gain some granular control over access rights to the ACR instance (read, contributor, owner).
This doc includes two methods for authentication between AKS and ACR using service principles.
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-aks
It's not exactly the question case. But I was having similar issue with utilization of Attach ACR approach. My problem was with Upper case characters in the registry name. Below warning was being generated by az cli.
Uppercase characters are detected in the registry name. When using its server url in docker commands, to avoid authentication errors, use all lowercase
So ensure to use all lowercases in ACR urls on Docker commands.