I am trying to deploy an ML model to an ACI in a VNet. I have followed the guide to setup a secure workspace, and also noted that if deploying to ACI, the container registry must not be in the same vnet.
I have deployed the container registry:
outside of the vnet in the same resource group
Allowed admin user in the CR
Disabled public access
Allowed trusted microsoft services
Created a private endpoint for private access for the worskpace to access (needed this for image builds on my training runs)
Allowed subnet delegation on the Scoring subnet for the containerGroups service as shown here
Now when I am trying to deploy the model to a container instance, I get this failure
```
Error:
{
"code": "InaccessibleImage",
"statusCode": 400,
"message": "ACI Service request failed. Reason: The image '<containerRegName>.azurecr.io/azureml/azureml_<imageHash>' in container group '<serviceName>-qcloi6KnEkOQ6CTdniybhQ' is not accessible. Please check the image and registry credential.. Refer to https://docs.microsoft.com/azure/container-registry/container-registry-authentication#admin-account and make sure Admin user is enabled for your container registry."
}
```
After speaking to the docs team where the guides address this deployment strategy (here), the only response is to use AKS. AKS won't be feasible right now for this project and the documentation seems to suggest that this is possible.