When the pipeline starts it attempts to pull the image and fails with error “unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information. (manager.go:237:0s)”
From the VM command line If I run az login --identity and az acr log --name <registry> then the .docker/config.json file gets updated with the auth and identity token, and pipeline works until the token expires with error “unauthorized: authentication required (manager.go:237:0s)”
I don’t see how the DOCKER_AUTH_CONFIGS would work with managed identity. Any suggestions?
@balonik - Thanks for the input. I didn’t try the acr-docker-credential-helper because it is deprecated.
I had the same thought about the cron job. I’d prefer to have the runner handle the auth once configured, but running the cron job should be a workable workaround.
I will look into the point about Service Principal as that is something I hadn’t thought of or investigated.
old thread, but just chiming in . I had a similar ask and found using managed identity is the way to go assuming all things Azure .
here is my code may provide some help . my runner is shell with az cli or you could use a custom image if you prefer . just make sure you grant the VM acr pull role . HTH