I am trying to pull images from my azure container registry
sudo microk8s ctr --debug images pull redacted.azurecr.io/acs/service:2.24.2
but I keep getting this error:
ctr: failed to resolve reference "redacted.azurecr.io/acs/service:2.24.2": failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized
Here's my containerd-template.toml config:
version = 2
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io", ]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:32000"]
endpoint = ["http://localhost:32000"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."redacted.azurecr.io"]
endpoint = ["https://redacted.azurecr.io"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."redacted.azurecr.io".auth]
username = "redacted"
password = "redacted"
By adding the username:password to the terminal command I am able to download the image so I am sure user name and password are correct. It looks like the configration from the config file is not being picked up (I did do microk8s stop and microk8s start afer editing the config file)
sudo microk8s ctr --debug images pull redacted.azurecr.io/acs/service:2.24.2 -u redacted:redacted
In the end I solved it by adding a docker secret and patching the service account to use the pull secret as default
microk8s kubectl create secret docker-registry acr-token --docker-server=**redacted** --docker-username="**redacted**" --docker-password="**redacted**" --namespace **redacted**
microk8s kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "acr-token"}]}' --namespace **redacted**