Logo
Blog
Fixing ImagePullBackOff in Kubernetes with Azure Container Registry (ACR)

Fixing ImagePullBackOff in Kubernetes with Azure Container Registry (ACR)

Avatar
Hitarth Thaker
September 13, 2025

The Problem 🚨

While deploying an application to Kubernetes, one of our pods went into a ImagePullBackOff state.

bash
kubectl get pods 

NAME                         READY   STATUS             RESTARTS   AGE 

myapp-deployment-7f6b9c9f   0/1     ImagePullBackOff   0          5m

Checking the pod events showed the error:

bash
Failed to pull image "myacr.azurecr.io/myapp:latest":  

rpc error: code = Unknown desc = Error response from daemon:  

manifest for myacr.azurecr.io/myapp:latest not found

The issue was that Kubernetes could not authenticate with Azure Container Registry (ACR) to pull the private image.

Why This Happens ❓

  • Kubernetes nodes need credentials to pull images from a private registry like ACR.
  • If no imagePullSecret is configured, the request fails.
  • Result: Pod cannot start and gets stuck in ImagePullBackOff.

The Solution ✅

We fixed it by creating an image pull secret in Kubernetes and linking it to the service account used by the deployment.

Step 1: Create Image Pull Secret

Run the following command:

bash
    kubectl create secret docker-registry acr-auth \ 

  --docker-server=myacr.azurecr.io \ 

  --docker-username=<ACR-USERNAME> \ 

  --docker-password=<ACR-PASSWORD> \ 

  --docker-email=<YOUR-EMAIL>

Here:

  • myacr.azurecr.io → your ACR login server
  • <ACR-USERNAME> and <ACR-PASSWORD> → credentials from Azure Portal or az acr credential show

Step 2: Link Secret to a Service Account

Create a service account and reference the secret:

bash
apiVersion: v1 

kind: ServiceAccount 

metadata: 

  name: acr-service-account 

secrets: 

  - name: acr-auth

Step 3: Use Service Account in Deployment

Update your deployment YAML:

code
apiVersion: apps/v1 

kind: Deployment 

metadata: 

  name: myapp-deployment 

spec:

  replicas: 1 

  selector: 

    matchLabels: 

      app: myapp

  template: 

    metadata: 

      labels: 

        app: myapp 

    spec: 

      serviceAccountName: acr-service-account 

      containers: 

        - name: myapp 

          image: myacr.azurecr.io/myapp:latest 

          ports: 

            - containerPort: 8080

Verification 🔍

Apply the changes:

bash
kubectl apply -f deployment.yaml

Check pod status:

bash
kubectl get pods 

NAME                         READY   STATUS    RESTARTS   AGE 

myapp-deployment-7f6b9c9f   1/1     Running   0          2m

Now the pod runs successfully 🎉

Key Takeaways 📝

  • ImagePullBackOff often means authentication or image not found.
  • Always create a docker-registry secret for private registries like ACR.
  • Link the secret to a service account and reference it in deployments.
  • This ensures smooth image pulls without manual intervention.

By properly configuring image pull secrets, we made our Kubernetes deployment stable and secure when using Azure Container Registry. 🚀

Contact Us

Thank you for reading our comprehensive guide on "Fixing ImagePullBackOff in Kubernetes with Azure Container Registry (ACR)" We hope you found it insightful and valuable. If you have any questions, need further assistance, or are looking for expert support in developing and managing your projects. our team is here to help!

Reach out to us for Your Project Needs:

🌐 Website: https://www.prometheanz.com

📧 Email: [email protected]

Copyright © 2025 PrometheanTech. All Rights Reserved.