The images we use in kubernetes are downloaded from public registers (where we don’t need to log in) or from private where we need to authenticate. On the Microsoft Azure platform, you can integrate Azure Kubernetes Service (AKS) with Azure Container Registries (ACR), our private registry, without using secrets in yaml file.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx1-test
labels:
app: nginx1-test
spec:
replicas: 1
selector:
matchLabels:
app: nginx1-test
template:
metadata:
labels:
app: nginx1-test
spec:
imagePullSecrets:
- name: acr-secret
containers:
- name: nginx
image: <acr-name>.azurecr.io/nginx:v1
ports:
- containerPort: 80
After integration we will be able to connect to our private registry as to the public one without using secrets (imagePullSecrets) in yamle.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx1-test
labels:
app: nginx1-test
spec:
replicas: 1
selector:
matchLabels:
app: nginx1-test
template:
metadata:
labels:
app: nginx1-test
spec:
containers:
- name: nginx
image: <acr-name>.azurecr.io/nginx:v1
ports:
- containerPort: 80
ACR and AKS can be connected immediately when creating Kubernetes. ACR doesn’t even have to be in the same subscription:
az aks create -n AKSCluster_NAME -g ResourceGroup_NAME --generate-ssh-keys --attach-acr $ ACR_NAME
az aks create -n AKSCluster_NAME -g ResourceGroup_NAME --generate-ssh-keys --attach-acr /subscriptions/<subscription_id>/resourceGroups/<ContainerRegistryResourceGroup_NAME>/providers/Microsoft.ContainerRegistry/registries/ACR_NAME
If we already have a cluster created, just update and enter the name or ID of our ACR:
az aks update -n AKSCluster_NAME -g ResourceGroup_NAME --attach-acr ACR_NAME
az aks update -n AKSCluster_NAME -g ResourceGroup_NAME --attach-acr ACR_ID
If we have more subscriptions, we switch to the one containing kubernetes, or add to the command –-subscription:
az aks update -n AKSCluster_NAME -g ResourceGroup_NAME --attach-acr ACR_NAME --subscription ID_SUBSKRYPCJI
To remove the integration we use –detach-acr instead of attach :
az aks update -n AKSCluster_NAME -g ResourceGroup_NAME -- detach-acr ACR_NAME
Once we have integrated AKS and ACR, we no longer need to specify “imagePullSecrets” in yaml.
If you are interested in topics related to Kubernetes, check out my other posts related to it https://lepczynski.it/en/category/k8s_en/.
You can find Azure related articles in the azure category https://lepczynski.it/en/category/azure_en/.