AKS. Can't pull image from an acr

The "old" way with AKS was to do create secret as you mentioned. That is no longer recommended.

The "new" way is to attach the container registry. This article explains the "new" way to attach ACR, and also provides a link to the old way to clear up confusion. When you create your cluster, attach with:

az aks create -n myAKSCluster -g myResourceGroup --attach-acr $MYACR

Or if you've already created your cluster, update it with:

az aks update -n myAKSCluster -g myResourceGroup --attach-acr $MYACR

Notes:

• $MYACR is just the name of your registry without the .azurecr.io. Ex: MYACR=foobar not MYACR=foobar.azurecr.io.

• After you attach your ACR, it will take a few minutes for the ImagePullBackOff to transition to Running.

This looks good to me as well. That said, the recommendation is not to use the admin account, rather a service principle. With the SP you gain some granular control over access rights to the ACR instance (read, contributor, owner).

This doc includes two methods for authentication between AKS and ACR using service principles.

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-aks

It's not exactly the question case. But I was having similar issue with utilization of Attach ACR approach. My problem was with Upper case characters in the registry name. Below warning was being generated by az cli.

Uppercase characters are detected in the registry name. When using its server url in docker commands, to avoid authentication errors, use all lowercase

So ensure to use all lowercases in ACR urls on Docker commands.