Deploying an ML Model to ACI with a secured workspace in a VNet
Byron Verzmoter
1
Reputation point
I am trying to deploy an ML model to an ACI in a VNet. I have followed the guide to setup a secure workspace, and also noted that if deploying to ACI, the container registry must not be in the same vnet.
I have deployed the container registry:
- outside of the vnet in the same resource group
- Allowed admin user in the CR
- Disabled public access
- Allowed trusted microsoft services
- Created a private endpoint for private access for the worskpace to access (needed this for image builds on my training runs)
- Allowed subnet delegation on the Scoring subnet for the containerGroups service as shown here
Now when I am trying to deploy the model to a container instance, I get this failure
Error:
{
"code": "InaccessibleImage",
"statusCode": 400,
"message": "ACI Service request failed. Reason: The image '<containerRegName>.azurecr.io/azureml/azureml_<imageHash>' in container group '<serviceName>-qcloi6KnEkOQ6CTdniybhQ' is not accessible. Please check the image and registry credential.. Refer to https://learn.microsoft.com/azure/container-registry/container-registry-authentication#admin-account and make sure Admin user is enabled for your container registry."
}
After speaking to the docs team where the guides address this deployment strategy (here), the only response is to use AKS. AKS won't be feasible right now for this project and the documentation seems to suggest that this is possible.