azure terraform azure-container-instances

Azure ACI cannot pull image from public docker registry (Possible bug)


This used to work, but for some reason Azure ACI now cannot pull image from public dockerhub.

I tried to deploy ACI on two subscriptions (one completely fresh), where I respectively "click-opsed" the deployment and did a terraform deployment (just to rule out that I had a weird network configuration in my subscription).

The error that I'm getting is not super elaborate and is the same regardless of whether I click-ops or use tf:

performing ContainerGroupsCreateOrUpdate: unexpected status 409 (409 Conflict) with error: RegistryErrorResponse: An error response is received from the docker registry 'index.docker.io'. Please retry later.

My terraform (Which used to work) is as follows:

resource "azurerm_container_group" "forwarder" {
  name                = "${var.app_name}-forwarder-${var.environment}"
  resource_group_name = var.rg-name
  location            = var.region
  ip_address_type     = "Private"
  os_type             = "Linux"
  subnet_ids          = [var.private-subnet.id]
  restart_policy      = "Always"

  container {
    name                  = "${var.app_name}-forwarder-${var.environment}"
    image                 = "nginx" //Changing image doesn't make a difference
    cpu                   = 0.5
    memory                = 1

    readiness_probe {
      ...
    }

    liveness_probe {
      ...
    }
    ports {
      port     = local.forwarder_local_port
      protocol = "TCP"
    }
  }
  exposed_port {
    port     = local.forwarder_local_port
    protocol = "TCP"
  }


  diagnostics {
    log_analytics {
      ...
    }
  }
}

NSGs are open. Also, it's worth noting that trying to deploy a public ACI instance also faces the same issue.

Manually pulling the image, i.e. docker image pull nginx, is no problem.

The region is eu west


Solution

  • The issue is dockerhub has implemented rate limiting. See: https://medium.com/@alaa.barqawi/docker-rate-limit-with-azure-container-instance-and-aks-4449cede66dd

    It really doesn't help that the error dockerhub is returning is singularly uninformative of what is really going on. Good work on breaking container deployment...

    Suggest: either use a paid dockerhub account, or tag and push the container to your own private container repository (or github container repo etc.). See: How to push a docker image to a private repository

    Rod
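
The suggestion above, applied to the container group from the question, as an added example that is not part of the original post: the pull is authenticated through an `image_registry_credential` block and the image reference points at your own registry. The three `registry_*` variables and `image_tag` are hypothetical names, and the image is assumed to have been tagged and pushed to that registry already.

```hcl
# Added example. registry_server, registry_username, registry_password and
# image_tag are hypothetical variables, not names from the original post.
variable "registry_server" {
  type        = string
  description = "Login server of your own registry (placeholder, e.g. an ACR login server)"
}
variable "registry_username" { type = string }
variable "registry_password" {
  type      = string
  sensitive = true # keeps the credential out of plan/apply output
}
variable "image_tag" {
  type        = string
  description = "Tag you pushed to your registry; pin it rather than relying on latest"
}

resource "azurerm_container_group" "forwarder" {
  name                = "${var.app_name}-forwarder-${var.environment}"
  resource_group_name = var.rg-name
  location            = var.region
  ip_address_type     = "Private"
  os_type             = "Linux"
  subnet_ids          = [var.private-subnet.id]
  restart_policy      = "Always"

  # Authenticated pull instead of an anonymous pull from Docker Hub.
  # For a paid Docker Hub account, the server is the registry host named in
  # the error message (index.docker.io) and the image name stays unchanged.
  image_registry_credential {
    server   = var.registry_server
    username = var.registry_username
    password = var.registry_password
  }

  container {
    name   = "${var.app_name}-forwarder-${var.environment}"
    image  = "${var.registry_server}/nginx:${var.image_tag}" # copy pushed to your own registry
    cpu    = 0.5
    memory = 1

    ports {
      port     = local.forwarder_local_port
      protocol = "TCP"
    }
  }
}
```

Supply `registry_password` from a secret store or a `TF_VAR_registry_password` environment variable rather than a committed `.tfvars` file; note that it is still written to the Terraform state, so the state backend needs access control as well.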