Helm pull from ACR: 401 unauthorized with kubelet managed identity #4070
-
Hi, Please can someone help explain a way forward for me? Source controller is getting 401 unauth pulling a helm chart from ACR, but AKS is setup with kubelet managed identity and AcrPull granted, proven by the check-acr command below. The docs say just kubelet permissions should be enough.
|
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 8 replies
-
Hello. Did you set |
Beta Was this translation helpful? Give feedback.
-
Hello, I tried using the Kublet Identity to authenticate against ACR and one major configuration I was missing was the activation for Microsoft GitOps to use the KubeletIdentity. Found it mentioned here and later on MS
So for reference the full configuration would look similar to this:
|
Beta Was this translation helpful? Give feedback.
Hello. Did you set
.spec.provider: azure
in your manifests or does your cluster have more than one identity attached?