Azure Container Registry not accessible via private endpoint [403 Forbidden]
I've set up vnet A and vnet B. They're linked together with vnet peering. vnet A has two subnets = "vm-agents" and "private-endpoints". They don't have any nsg's. vnet B also has two subnets = "aks" and "private-endpoints".
In subnet "vm-agents" of vnet A, I've created a pipeline agent. In subnet "private-endpoints" of vnet B, I've created an ACR that's linked to a private endpoint. I've also set up private DNS zone that's linked to vnet A and B.
I already SSH'ed into my pipeline agent and checked if DNS resolving works properly using nslookup. It returns indeed the private endpoint IP address.
But the command docker login -u <token-name> -p <token-password> <my-own-acr>.azurecr.io returns the error Error response from daemon: login attempt to https://<my-own-acr>.azurecr.io/v2/ failed with status: 403 Forbidden.
When temporarily enabling public access for the ACR and testing the exact same command on my own PC results in a successful login. I'm using a token created in the ACR.
What could be going wrong here?
response from daemon: login attempt failed with status: 403 Forbidden. Error your facing due to below reasons. Follow the MS Doc for more details
If you are using a virtual network or private endpoint for the ACR, you can check the points mentioned in the MS DOC.
ACR Private Endpoint DNS Configuration
Private DNS zone record sets
When I tried to check the communication from VM-agents to ACR using the same configuration as yours, the connection was successful, as shown below
Make sure to check that the VNet peering is approved and the Private DNS Zone is configured correctly
- How to set up a Low Disk Space alert with the new Azure Monitor agent to trigger when a specific disk drive is low on free space?
- Azure Cosmos DB - Understanding Partition Key
- Get the permissions of users with respect to the repositories via the API of ADO
- Azure graph api to search groups whose displayName contains a specific term
- Azure Functions with VS Code and Python: ModuleNotFoundError: No module named 'azure.storage'
- Azure APIM - VNET injection vs inbound private endpoint, what is a difference?
- My mern project is not running in azure web app
- Split multiple tables from a single sheet in excel using data flows
- How to reduce your outbound ip address list for azure web app to add ip address to Flexible PostregSQL server firewall
- Not able to send localized push notification from Azure Notification Hub after migrating to FCMv1 from FCM Legacy API
- Production slot not using Production as ASPNETCORE_ENVIRONMENT variable
- Azure monitor open telemetry python package raising exception when python app deployed on Azure
- Azure Document Intelligence - RequestFailedException: 'Resource not found Status: 404 (Not Found)
- Parameterize runOnStartup in function.json
- Trouble Passing Boolean Values in Azure Data Factory JSON Template
- Managed Identity for Cosmos DB: "Local Authorization is disabled. Use an AAD token to authorize all requests"
- SFTP connectivity via Jsch fails with "Auth fail for methods 'publickey'"
- How can I add email recipients to a Graph API request programmatically?
- Getting an UnsupportedClassVersionError after updating Java 17 to Java 21
- Issue during update azure vmss trough rest api using curl
- How can I define compile time constants in bicep configuration language?
- How to redact Indian Aadhaar Number, Brazilian CPF number or any other such PII using azure language service
- Timezone error creating SQL instance in Azure using Terraform
- Does Azure's EntraID support dynamic custom claims?
- Can't provide NuGet package source credentials to Azure Function
- How can I use Terraform to run a script to initialise the database on a newly-created Azure mssql_virtual_machine?
- Creating External table in Azure SQL Database using ADLS2 Datasource
- Issue uploading files to S3 from Django in Docker
- Azure DevOps pipeline continues to run despite removing schedule
- Azure Active Directory App service Principal create new client secret