azure-aci

Allow to deploy images from a private ACR

Open jmalkiew opened this issue 3 years ago • 4 comments

We'd like to be able to deploy images to an AKS virtual node from an ACR that is deployed into a VNET (private endpoint & Firewall enabled). Currently that's not possible, as AKS fails to create a pod due to the HTTP response status code 409, error code "RegistryErrorResponse", it receives from ACR.

jmalkiew Jul 21 '21 10:07

@jmalkiew could you share the result of 'kubectl describe pod '? (Remember to remove any credentials if there are any.)

feiskyer Jul 26 '21 02:07

@feiskyer we had a case opened with Azure support. I can give you the case number if that will help. The conclusion was: "We double checked with ACR product engineering team what applies to ACI as limitation (https://docs.microsoft.com/en-us/answers/questions/193123/azure-aci-with-private-acr-and-selected-public-net.html) with private ACR applies with Virtual Node with AKS". That means that if we add a firewall rule to ACR to restrict access to ACR, we'll get an error. I was asked to file a feature request.

jmalkiew Jul 30 '21 07:07

tagged as a feature request and dependency of ACI

feiskyer Aug 09 '21 03:08

e2e tests with private container images should be added to validate pulling images with secrets.

ryanzhang-oss Feb 19 '22 00:02