I am working with a customer using v1.1 of IoT Edge with Windows containers. They are in a locked-down environment and do not want to connect to a public container registry. They prefer to ingest from their own Azure Container Registry (ACR). We have copied edgeAgent and edgeHub from our public registry to ACR using az acr import to pull the containers from:

  • mcr.microsoft.com/azureiotedge-agent:1.1
  • mcr.microsoft.com/azureiotedge-hub:1.1

I am finding that Azure IoT Edge cannot download the edgeAgent image. If I download the edgeAgent container manually from ACR, edgeAgent will start correctly. edgeAgent will also be able to download and install edgeHub via ACR, e.g.:

docker -H "npipe:////./pipe/iotedge_moby_engine" pull <private ACR>.azurecr.io/azureiotedge-agent:1.1

Any thoughts on why IoT Edge is unable to pull the image itself? Is there something wrong with my config.yaml configuration for edgeAgent?

agent:
  name: "edgeAgent"
  type: "docker"
  env: {}
  config:
    image: "<private ACR>.azurecr.io/azureiotedge-agent:1.1"
    auth:
      username: "<username>"
      password: "<key>"
      serveraddress: "<address>.azurecr.io"
Terry Mandin

1 Answer

allow-nondistributable-artifacts may be required. Please see

Note this setting is required on the docker daemon pushing the public images to the private registry, not the IoT Edge device itself.

If that doesn't help, I'd suggest opening an issue at https://github.com/azure/iotedge/issues and be sure to include logs from the iotedged service.

Venkat Yalla
  • Thanks Venkat, I will give that a try. Note that IoT Edge is able to download edgeHub once edgeAgent is manually downloaded. Wouldn't allow-nondistributable-artifacts cause an issue for edgeHub as well? – Terry Mandin Apr 26 '21 at 18:38
  • Is there a way to better protect the ACR credentials? My customer does not want to put them in open text in config.yaml. For example, is there a way to set them using environment variables? – Terry Mandin Jul 16 '21 at 13:12
  • The only way currently is using scoped credentials (e.g. read only) for container registry using service principals or tokens. You could also try pre-loading the bootstrap edgeAgent image using 'docker import'. – Venkat Yalla Jul 19 '21 at 20:23
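
The allow-nondistributable-artifacts setting named in the answer above concerns layers marked non-distributable ("foreign"), such as Windows base layers, whose manifest entries carry external URLs rather than content stored in the registry they were pushed to. As an added example (not from the original posts or the IoT Edge project), this Python check lists the layers of an image manifest that a pull would fetch from a host other than the private registry; the function name, the sample manifest and all hosts and digests in it are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Media-type prefixes that mark a layer as non-distributable ("foreign").
FOREIGN_PREFIXES = (
    "application/vnd.docker.image.rootfs.foreign.",
    "application/vnd.oci.image.layer.nondistributable.",
)

def external_layers(manifest_json, registry_host):
    """Return (digest, host) for each foreign layer served from a host
    other than registry_host (hypothetical helper, not an IoT Edge API)."""
    manifest = json.loads(manifest_json)
    if "layers" not in manifest:
        # A manifest list / index has "manifests" instead of "layers".
        raise ValueError("not an image manifest; inspect a platform-specific entry")
    found = []
    for layer in manifest["layers"]:
        if not layer.get("mediaType", "").startswith(FOREIGN_PREFIXES):
            continue
        hosts = {urlparse(u).hostname for u in layer.get("urls", [])}
        for host in sorted(h for h in hosts if h and h != registry_host.lower()):
            found.append((layer["digest"], host))
    return found

# Constructed sample manifest: digests, sizes and hosts are made up.
SAMPLE = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "config": {"mediaType": "application/vnd.docker.container.image.v1+json",
               "digest": "sha256:" + "c" * 64, "size": 1500},
    "layers": [
        {"mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
         "digest": "sha256:" + "a" * 64, "size": 100000000,
         "urls": ["https://public-layers.example.invalid/blobs/base"]},
        {"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "digest": "sha256:" + "b" * 64, "size": 2000000},
    ],
})

if __name__ == "__main__":
    for digest, host in external_layers(SAMPLE, "myregistry.example.invalid"):
        print(f"{digest[:19]}... is fetched from {host}, not the private registry")
```

An empty result for the manifest held in the private registry means every layer is served by that registry; any entry returned is a layer a locked-down device would have to fetch from the listed external host.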