0

api call to https://management.azure.com/subscriptions/75b381e6-d739-4955-2-e7e7adc/resourceGroups/MC_xxxcoreapi_CoreCluster_westeurope/providers/Microsoft.ContainerInstance/containerGroups/xxx-coreapi-public-xxxcorejob1-vdjsb?api-version=2018-10-01: got HTTP response status code 400 error code "InaccessibleImage": The image ''xxxx.azurecr.io/core:v1.0.0.0'' in container group ''xxx-coreapi-public-xxx-vdjsb'' is not accessible

Use Case: Bursting from AKS to ACI with the Virtual Kubelet. I am able to pull it using docker pull, also I can pull image in AKS node with and without imagePullSecret, but not with the ones type: virtual-kubelet

Already tried the following:

Pull an Image from a Private Registry

CreateSecret
 imagePullSecrets:
   name: xxx-axth

Also use service account with secret. My AKS Service principal has contributor and acrpull roles

Furthermore I have tried:

az aks update -n CoreCluster -g xxxcoreapi --attach-acr xxxcoreapi"
aamir sajjad
  • 3,019
  • 1
  • 27
  • 26
  • that is really weird. that should work – 4c74356b41 Feb 20 '20 at 15:59
  • @4c74356b41 apparently yes, I spent entire day figuring this out, but no luck – aamir sajjad Feb 20 '20 at 16:01
  • 1
    How do you create the AKS cluster? The portal or other ways? – Charles Xu Feb 21 '20 at 06:40
  • @CharlesXu I created it through portal, and enable the auto scaling with aci under scale tab from the portal. Additionally I installed helm and run the following command as well az aks install-connector --name CoreCluster --resource-group coreapi – aamir sajjad Feb 21 '20 at 07:32
  • Which network type do you use? The basic or the advance? – Charles Xu Feb 21 '20 at 07:51
  • @CharlesXu basic – aamir sajjad Feb 21 '20 at 08:38
  • Are you really sure you use the basic network in the portal to create the AKS cluster? As I know it only supports the advance network when you enable the virtual node. – Charles Xu Feb 21 '20 at 08:43
  • @CharlesXu my mistake "you are correct" I have following setting Network type (plugin): Advanced (Azure CNI) – aamir sajjad Feb 21 '20 at 08:44
  • @CharlesXu may be it has something to do with new resource group that is created automatically "MC_coreapi_CoreJobCluster_westeurope" – aamir sajjad Feb 21 '20 at 08:50
  • OK, then do you grant the service principal of the AKS cluster with the right permission of the Vnet you use for the virtual node? – Charles Xu Feb 21 '20 at 08:52
  • @CharlesXu I did it using following command. where assignee = cluster service principal app id az role assignment create --assignee 0dc88dc1-b533-4143-bf5c- --scope /subscriptions/75b381e6--4955-8f82-e7cc1b7e7adc/resourceGroups/xxx/providers/Microsoft.Network/virtualNetworks/xxx-vnet --role Contributor – aamir sajjad Feb 21 '20 at 08:54

1 Answers1

0

So it is resolved finally

Strange enough, I log out to the azure portal, restart my pc, and everything working as expected.

As per my understanding possible causes are

  • Azure refresh cache thing

  • My computer cache refresh for related files/config

I hope that my experience will help somebody with similar situation

aamir sajjad
  • 3,019
  • 1
  • 27
  • 26