This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 48%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E3%3C/text%3E%3C/svg%3E)
While deploying new ABC-alert service in prod, we are getting the below error.
Message: Error creating: admission webhook "validation.gatekeeper.sh" denied the request: [azurepolicy-k8sazurev2containerallowedimag-3770e19106c2b08cb480] Container image acrinfdv1001.azurecr.io/ABC-alert-batch:433479 for container ABC-alert-batch has not been allowed.
[azurepolicy-k8sazurev2containerallowedimag-a89c4b5bb210c859536c] Container image acrinfdv1001.azurecr.io/epac-alert-batch:433479 for container ABC-alert-batch has not been allowed.
If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.
If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.
Thank you for helping to improve Microsoft Q&A!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 98%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
@37821879,
It seems Azure Policy has been enabled on your subscription, more precisely there seems to be a policy azurepolicy-k8sazurev2containerallowedimag-3770e19106c2b08cb480 which is not allowing you to use that image from the registry. When you enable the policy those validation admission webhooks gets deployed & does the work behind the scenes (of allowing/ not allowing)
You might have to review that policy and speak to the Administrator who ever has created, you should be able to see the definition of that policy which will be like a JSON file - validate the conditions.
https://learn.microsoft.com/en-us/azure/aks/use-azure-policy
You can disable the policy if you have permissions:
https://learn.microsoft.com/en-us/azure/aks/use-azure-policy#disable-a-policy-or-initiative
Or you can disable the policy add on:
sometimes you can create an exemption for a particular resource group :
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/exemption-structure
Regards,
Shiva.