How can we pull ACR images from gov Cloud if we are working in commercial cloud?
You should be able to accomplish this using token authentication against your ACR. Be advised though that this is currently a preview feature and requires the Premium SKU for ACR. Having said that, here are the steps:
Generate an authentication token for your ACR in Azure Government, specifying _repositories_pull for the scope map. Make sure to generate the password too. You can do this after you create the token - just click on the token in the portal and there will be an option to generate a password.
After you generate the password, copy the Docker login command that is generated. It will look something like docker login -u token1 -p 3AP3Gf...wJ <youracr>.azurecr.us
From your terminal, where you have access to your AKS cluster in commercial, login to docker using the docker command from #2. Note: you will probably have to run this as sudo. This will generate a file at ~/.docker/config.json that contains the password to authenticate to your ACR in Azure Gov.
Use the config.json from #3 to create a secret based on existing Docker credentials in your cluster.
Finally, use an imagePullSecret in your pod spec to use the secret you generated in #4. Also, be sure to update your image to reference the full path of your container image in ACR. Example here.