AKS. Can't pull image from an acr
This looks good to me as well. That said, the recommendation is not to use the admin account, rather a service principle. With the SP you gain some granular control over access rights to the ACR instance (read, contributor, owner).
This doc includes two methods for authentication between AKS and ACR using service principles.
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-aks
The "old" way with AKS was to do create secret
as you mentioned. That is no longer recommended.
The "new" way is to attach the container registry. This article explains the "new" way to attach ACR, and also provides a link to the old way to clear up confusion. When you create your cluster, attach with:
az aks create -n myAKSCluster -g myResourceGroup --attach-acr $MYACR
Or if you've already created your cluster, update it with:
az aks update -n myAKSCluster -g myResourceGroup --attach-acr $MYACR
Notes:
$MYACR
is just the name of your registry without the.azurecr.io
. Ex:MYACR=foobar
notMYACR=foobar.azurecr.io
.After you attach your ACR, it will take a few minutes for the
ImagePullBackOff
to transition toRunning
.