Pull image Azure Container Registry - Kubernetes

Asked 17/12, 2016 at 23:16 Answered 3/3, 2017 at 22:52

Solved azure docker kubernetes azure-container-service azure-container-registry

Does anyone have any advice on how to pull from Azure container registry whilst running within Azure container service (kubernetes)

I've tried a sample deployment like the following but the image pull is failing:

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins-master
spec:
  replicas: 1
  template:
    metadata:
      name: jenkins-master
      labels:
        name: jenkins-master
    spec:
      containers:
      - name: jenkins-master
        image: myregistry.azurecr.io/infrastructure/jenkins-master:1.0.0
        imagePullPolicy: Always
        readinessProbe:
          tcpSocket:
            port: 8080
          initialDelaySeconds: 20
          timeoutSeconds: 5
        ports:
        - name: jenkins-web
          containerPort: 8080
        - name: jenkins-agent
          containerPort: 50000

Walk answered 17/12, 2016 at 23:16 Comment(2)

#32727423 – Wylma 18/12, 2016 at 9:1

Thanks for the info above! Using this I've got it working and posting answer below – Walk 18/12, 2016 at 9:30

I got this working after reading this info.

http://kubernetes.io/docs/user-guide/images/#specifying-imagepullsecrets-on-a-pod

So firstly create the registry access key

kubectl create secret docker-registry myregistrykey --docker-server=https://myregistry.azurecr.io --docker-username=ACR_USERNAME --docker-password=ACR_PASSWORD --docker-email=ANY_EMAIL_ADDRESS

Replacing the server address with the address of your ACR address and the USERNAME, PASSWORD and EMAIL address with the values from the admin user for your ACR. Note: The email address can be value.

Then in the deploy you simply tell kubernetes to use that key for pulling the image like so:

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins-master
spec:
  replicas: 1
  template:
    metadata:
      name: jenkins-master
      labels:
        name: jenkins-master
    spec:
      containers:
      - name: jenkins-master
        image: myregistry.azurecr.io/infrastructure/jenkins-master:1.0.0
        imagePullPolicy: Always
        readinessProbe:
          tcpSocket:
            port: 8080
          initialDelaySeconds: 20
          timeoutSeconds: 5
        ports:
        - name: jenkins-web
          containerPort: 8080
        - name: jenkins-agent
          containerPort: 50000
      imagePullSecrets:
        - name: myregistrykey

Walk answered 18/12, 2016 at 9:35 Comment(0)

This is something we've actually made easier. When you provision a Kubernetes cluster through the Azure CLI, a service principal is created with contributor privileges. This will enable pull requests of any Azure Container Registry in the subscription.

There was a PR: https://github.com/kubernetes/kubernetes/pull/40142 that was merged into new deployments of Kubernetes. It won't work on existing kubernetes instances.

Walliw answered 3/3, 2017 at 22:52 Comment(1)

It would be a nice addition to provide an example of how to do this. – Brecciate 8/9, 2021 at 20:4

Recommended topics

Hot tags