I have created an Azure Devops Service Connection of type Docker Registry/Azure Container Registry called "eshop-registry". When I invoke a build pipeline such as build/azure-devops/basket-api/azure-pipelines.yml, the build steps works fine and the image is deployed to ACR with a single tag of linux-latest. This seems correct but the the Create multiarch manifest step always fails with the following message:
Created manifest list docker.io/eshop/basket.api:dev
Created manifest list docker.io/eshop/basket.api:latest
failed to put manifest docker.io/eshop/basket.api:dev: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
failed to put manifest docker.io/eshop/basket.api:latest: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
How do I resolve this error?
Also, how do I update AKS once the updated image has been deployed to the ACR.
Thanks!
Hi @mzrzz3 , thank you for reaching out.
One of the reasons, I could think of this error because of the incorrect registry name in the multiarch.yml file.
Did you get a chance to look into this error #1430 ?
Also, you could use helm to deploy the latest releases in your AKS cluster. For more details, you can refer Deploy Your Local Images
Hope this helps !
@sughosneo - thanks for your help.
Here is a quick summary of my configuration.
Azure DevOps - service connection named "eshop-registry" that connects to an ACR instance named "eshopakshackathon"
azure-pipelines.yml (basket-api)
variables:
registryEndpoint: eshop-registry
multiarch.yml
parameters:
image: ''
branch: ''
registry: 'eshopakshackathon'
registryEndpoint: ''
docker-compose.yml
REGISTRY "eshop" parameter still "eshop" and not overriden. See fragment/example below. I want the repositories in the ACR to appear as eshop/catalog.api, eshop/basket-api etc.
*Current output from multiarch manifest *
errors:
denied: requested access to the resource is denied
unauthorized: authentication required
errors:
denied: requested access to the resource is denied
unauthorized: authentication required
No such manifest: docker.io/eshopakshackathon/basket.api:dev
No such manifest: docker.io/eshopakshackathon/basket.api:latest
Question: What does the create multiarch manifest step really do and is this step actually needed?
Below is a screen shot of the basket-api image in the repository. Most things appear to be working apart from the "Create multiarch manifest" step.

Hi @mzrzz3, thanks for the update and sorry for the delay in responding.
manifest file is the Json file which represents a docker image details. And the multiarch.yaml file is to support the different architecture with the same docker image tag. It can be useful to truly follow the concept Build once, deploy anywhere with the same image tag without rebuilding the docker image again.
If you know that you will run the docker image always on one platform, then you can skip this step. You can tweak the available azure-pipelines.yaml as per your need.
i think with multiarch.yaml you login to docker hub as default so that you faced the issues.
you may try change below key-value in multiarch.yaml
from
dockerRegistryEndpoint: ${{ parameters.registryEndpoint }}
to
containerRegistry: ${{ parameters.registryEndpoint }}
and release pipeline can set an artifact trigger and there is a task in CI pipeline that copy helm out as artifact. so that once the CI pipeline is finished, artifact is created , then the release pipeline is trigger.
Thanks @gItSpLasHeR for sharing your thoughts.
@mzrzz3 - just checking if you had any further questions ? Thanks.
@sughosneo and @gItSpLasHeR thanks for your help. I realized eventually I could skip the multiarch step as I was not publishing to docker.
Hi @sbarry3cloud , thanks for the update.
I am closing this issue as of now. If you have any further questions, please feel free to reopen it.