set ACR_NAME=<registry_short_name>
az acr show --name %ACR_NAME% --query id --output tsv
Copy the output of the command above into a variable: set ACR_REGISTRY_ID=<output of the previous command>
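The command below creates a service principal that holds only the acrpull role, scoped to the registry, and prints its password. Set the name first (set SERVICE_PRINCIPAL_NAME=<service-principal-name>). The password is shown only when the service principal is created, so store it somewhere secure right away.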
az ad sp create-for-rbac --name %SERVICE_PRINCIPAL_NAME% --scopes %ACR_REGISTRY_ID% --role acrpull --query password --output tsv
Get the app ID of the service principal (this is the value used as the Docker username below):
az ad sp list --display-name %SERVICE_PRINCIPAL_NAME% --query [].appId --output tsv
Use the service principal's app ID and password to create an image pull secret in Kubernetes.
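# Create the image pull secret from the service principal's credentials.
#   <secret-name>      name that pods later list under imagePullSecrets
#                      (acr-secret in the pod example)
#   <namespace>        namespace of the pods that will use the secret
#   --docker-username  the service principal's app ID
#   --docker-password  the password printed by `az ad sp create-for-rbac`
# The password is passed as a command-line argument, so it can land in shell
# history and is visible in the process list while the command runs. Avoid
# running this in a shared session or in a CI step whose commands are logged.
kubectl create secret docker-registry <secret-name> \
  --namespace <namespace> \
  --docker-server=<container-registry-name>.azurecr.io \
  --docker-username=<service-principal-ID> \
  --docker-password=<service-principal-password>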
After that, reference the secret by name under imagePullSecrets when creating a pod or deployment:
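# Pod that pulls its image from the private registry using the pull secret.
apiVersion: v1
kind: Pod
metadata:
  name: my-awesome-app-pod
  # imagePullSecrets can only reference a secret in the pod's own namespace,
  # so this must be the namespace the secret was created in.
  namespace: awesomeapps
spec:
  containers:
    - name: main-app-container
      image: myregistry.azurecr.io/my-awesome-app:v1
      imagePullPolicy: IfNotPresent
  imagePullSecrets:
    # Name passed to `kubectl create secret docker-registry`.
    - name: acr-secret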
Reference: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-kubernetes