# 拉取镜像 "myregistry.azurecr.io/myapp:latest" 失败：rpc 错误：代码 = Unknown 描述 = 来自守护进程的错误响应：未找到 myregistry.azurecr.io/myapp:latest 的清单：清单未知

- **ID:** `cloud/azure-aks-pod-stuck-containercreating-imagepullbackoff`
- **领域:** cloud
- **类别:** config_error
- **验证级别:** ai_generated
- **修复率:** 90%

## 根因

容器镜像标签 'latest' 在 Azure 容器注册表 (ACR) 中不存在，因为 CI/CD 管道推送了特定版本标签（例如 'v1.2.3'），但 Kubernetes 部署清单引用了 'latest'，或者镜像已被删除。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Azure Kubernetes Service (AKS) 1.28 | active | — | — |
| Azure Container Registry (ACR) SKU: Standard | active | — | — |
| kubectl v1.29.0 | active | — | — |

## 解决方案

1. ```
   Update the Kubernetes deployment manifest to use the correct image tag that exists in ACR: `kubectl set image deployment/myapp myapp=myregistry.azurecr.io/myapp:v1.2.3`
   ```
2. ```
   If 'latest' is required, retag the existing image in ACR: `az acr import --name myregistry --source myregistry.azurecr.io/myapp:v1.2.3 --image myapp:latest`
   ```

## 无效尝试

- **** — ACR anonymous pull is disabled by default; even if the image exists, AKS needs authentication to pull from ACR. (70% 失败率)
- **** — Restarting pods does not fix the missing image; it will only cause the same error again. (95% 失败率)
- **** — The pull secret may be valid but the image tag simply doesn't exist; the error is about the manifest, not authentication. (60% 失败率)