Failed to pull image "myregistry.azurecr.io/myapp:latest": rpc error: code = Unknown desc = Error response from daemon: manifest for myregistry.azurecr.io/myapp:latest not found: manifest unknown
ID: cloud/azure-aks-pod-stuck-containercreating-imagepullbackoff
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Azure Kubernetes Service (AKS) 1.28 | active | — | — | — |
| Azure Container Registry (ACR) SKU: Standard | active | — | — | — |
| kubectl v1.29.0 | active | — | — | — |
Root Cause
The container image tag 'latest' does not exist in the Azure Container Registry (ACR) because the CI/CD pipeline pushed a specific version tag (e.g., 'v1.2.3') but the Kubernetes deployment manifest references 'latest', or the image was deleted.
generic中文
容器镜像标签 'latest' 在 Azure 容器注册表 (ACR) 中不存在,因为 CI/CD 管道推送了特定版本标签(例如 'v1.2.3'),但 Kubernetes 部署清单引用了 'latest',或者镜像已被删除。
Official Documentation
https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integrationWorkarounds
-
95% success Update the Kubernetes deployment manifest to use the correct image tag that exists in ACR: `kubectl set image deployment/myapp myapp=myregistry.azurecr.io/myapp:v1.2.3`
Update the Kubernetes deployment manifest to use the correct image tag that exists in ACR: `kubectl set image deployment/myapp myapp=myregistry.azurecr.io/myapp:v1.2.3`
-
90% success If 'latest' is required, retag the existing image in ACR: `az acr import --name myregistry --source myregistry.azurecr.io/myapp:v1.2.3 --image myapp:latest`
If 'latest' is required, retag the existing image in ACR: `az acr import --name myregistry --source myregistry.azurecr.io/myapp:v1.2.3 --image myapp:latest`
中文步骤
Update the Kubernetes deployment manifest to use the correct image tag that exists in ACR: `kubectl set image deployment/myapp myapp=myregistry.azurecr.io/myapp:v1.2.3`
If 'latest' is required, retag the existing image in ACR: `az acr import --name myregistry --source myregistry.azurecr.io/myapp:v1.2.3 --image myapp:latest`
Dead Ends
Common approaches that don't work:
-
70% fail
ACR anonymous pull is disabled by default; even if the image exists, AKS needs authentication to pull from ACR.
-
95% fail
Restarting pods does not fix the missing image; it will only cause the same error again.
-
60% fail
The pull secret may be valid but the image tag simply doesn't exist; the error is about the manifest, not authentication.