Microk8s kubernetes cannot pull local image

Hello all,
I have a remote node with private registry (IP: that only builds and store images, deployment is made on another node (IP: that pulls the image from remote private registry.

if I remove the image from the remote private registry and attempt to run a pod with the same image on a node where it HAS been pulled previously, Kubernetes will try to pull from remote registry even if it has image locally, and the pull will fail,

    imagePullPolicy: IfNotPresent is set

Tried to change imagePullPolicy to Always and Never, it still ignores local image and tries to pull from remote

Pulling image ""

Failed to pull image "": rpc error: code = NotFound desc = failed to pull and unpack image "": failed to resolve reference "": not found
 Error: ErrImagePull
Back-off pulling image ""
Error: ImagePullBackOff

but if i execute on local node -

microk8s ctr i ls -q |grep service-name

it exists

here’s some config to pull from remote private registry


server = ""

capabilities = ["pull", "resolve"]

server = "http://localhost:32000"

capabilities = ["pull", "resolve"]

Add skip_verify = true to your containerd hosts.toml, like this:

server = “

capabilities = [“pull”, “resolve”]
skip_verify = true

and restart containerd

RESOLVED. The problem was in AlwaysPullImages in admission control.
I had configured cis hardening and forgot about that setting. So that’s the reason why imagePullPolicy: IfNotPresent was ignored. After disabling this setting problem was resolved.
More info here:

Securing Kubernetes: A Deep Dive into AlwaysPullImages Admission Control – The Linux Notes