Pull azure container registry image in kubernetes helm

4
votes

I'm working on a project using Helm-kubernetes and azure kubernetes service, in which I'm trying to use a simple node image which I have been pushed on azure container registry inside my helm chart but it returns ImagePullBackOff error.

Here are some details:

My Dockerfile:

FROM node:8

# Create app directory
WORKDIR /usr/src/app


COPY package*.json ./

RUN npm install

# Bundle app source
COPY . .

EXPOSE 32000
CMD [ "npm", "start" ]

My helm_chart/values.yaml:

replicaCount: 1

image:
  registry: helmcr.azurecr.io
  repository: helloworldtest
  tag: 0.7
  pullPolicy: IfNotPresent

nameOverride: ""
fullnameOverride: ""

service:
  name: http
  type: LoadBalancer
  port: 32000
  internalPort: 32000

ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  paths: []
  hosts:
    - name: mychart.local
      path: /
  tls: []

resources: {}

nodeSelector: {}

tolerations: []

affinity: {}

When I try to pull the image directly uasing the command below as: docker pull helmcr.azurecr.io/helloworldtest:0.7 then it pulls the image successfully.

Whats can be wrong here?

Thanks in advance!

1
azuredockerkuberneteskubernetes-helmazure-container-registry
I'm not sure about this, but I remember that I once had an issue, not related to this, but with ACR, as well. It was that the repository: helloworldtest should have been repository: helmcr.azurecr.io/helloworldtest even tough you had it already defined in the registry.wuerzelchen
kubectl describe pod <podname> may have a little bit more in the way of diagnostics. Otherwise, it'd be helpful if you could edit the question to add the deployment spec. Is the repository something you need to docker login to, and if so, is there a correct imagePullSecret: in the deployment spec?David Maze

1 Answers

4
votes

Your kubernetes cluster needs to be authenticated to the container registry to pull images, generally this is done by a docker secret:

kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>

If you are using AKS, you can grant cluster application id pull rights to the registry, that is enough.

Reading: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/