My ACR and AKS are on same Azure Directory with same subscription.
After giving ACR Pull access to my Service Principal, nothing worked and still getting this error.
Error :- Failed to pull image "xx.azurecr.io/xx:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://xx.azurecr.io/v2/xx/manifests/latest: unauthorized: authentication required
From the error message, it shows you do not authenticate to pull the image in your Azure Container Registry.
For AKS, there are two ways to get permission to pull the image from the Azure Container Registry.
One is that grant the permission to the service principal which AKS cluster used. You can get the details in Grant AKS access to ACR. In this way, you just need only one service principal.
The other one is that grant the permission to a new service principal which differs from the one that AKS used. Then you create a secret with the service principal to pull the image. You can get the details in Access with Kubernetes Secret.
They are two different ways, so you should make sure that there is no mistake in your steps. To check the role assignment for the service principal, the CLI command like this:
az role assignment list --assignee $SP_ID --role acrpull --scope $ACR_ID
The SP_ID dependants on the way which you have used.