Access images hosted on Azure Container Registry (ACR) from Azure Kubernetes (AKS) Cluster

 In this blog post, I will show you how I connect my Azure Container Registry (ACR) to my Azure Kubernetes Cluster (AKS) and run a container from images stored on ACR.

Background

By default, when you install an AKS cluster you can only deploy containers from images stored on public container registries like Docker Hub.

If you have an AKS cluster you probably set it up so you could run your own images (like my case).

In my case, I have an ACR registry on Azure which I need to “plug” into AKS in order for me access my container images.

The Process

The process to set up the connection between ACR and AKS is made using the Azure CLI and in this article, I will Cloud Shell.

Using Azure CLI and Cloud Shell I will run a number of commands that will connect the two systems and create a connection.

Code

Below you can see the code, to run the code I have entered my Resource Group name, My AKS Cluster names my ACR name.

Go ahead and change the code to your resources and run Cloud Shell.

AKS_RESOURCE_GROUP=AKSRG
AKS_CLUSTER_NAME=AKSDP
ACR_RESOURCE_GROUP=AKSRG
ACR_NAME=deploy
# Get the id of the service principal configured for AKS
CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
# Get the ACR registry resource id
ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
# Create a role assignment
az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID

Below, I started Cloud Shell with Bash as the command-line tool

Once the code has run I will start AKS UI and will scroll down to Secret

Under secret, you will see my ACR and AKS connection (acr-auth)

If I click on it I will see all the details

To access my image from my ACR, I need to type the name of the image under container image.

Under the advanced settings, Image Pull Secret menu I will select the ACR connection name


Posted

in

by