Integration ACR with AKS

Kubernetes - Integrate ACR with AKS

Last updated on April 20th, 2021

The images we use in kubernetes are downloaded from public registers (where we don’t need to log in) or from private where we need to authenticate. On the Microsoft Azure platform, you can integrate Azure Kubernetes Service (AKS) with Azure Container Registries (ACR), our private registry, without using secrets in yaml file.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx1-test
  labels:
    app: nginx1-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx1-test
  template:
    metadata:
      labels:
        app: nginx1-test
    spec:
      imagePullSecrets:
      - name: acr-secret
      containers:
      - name: nginx
        image: <acr-name>.azurecr.io/nginx:v1
        ports:
        - containerPort: 80

After integration we will be able to connect to our private registry as to the public one without using secrets (imagePullSecrets) in yamle.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx1-test
  labels:
    app: nginx1-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx1-test
  template:
    metadata:
      labels:
        app: nginx1-test
    spec:
      containers:
      - name: nginx
        image: <acr-name>.azurecr.io/nginx:v1
        ports:
        - containerPort: 80

ACR and AKS can be connected immediately when creating Kubernetes. ACR doesn’t even have to be in the same subscription:

az aks create -n AKSCluster_NAME -g ResourceGroup_NAME --generate-ssh-keys --attach-acr $ ACR_NAME
az aks create -n AKSCluster_NAME -g ResourceGroup_NAME --generate-ssh-keys --attach-acr /subscriptions/<subscription_id>/resourceGroups/<ContainerRegistryResourceGroup_NAME>/providers/Microsoft.ContainerRegistry/registries/ACR_NAME

If we already have a cluster created, just update and enter the name or ID of our ACR:

az aks update -n AKSCluster_NAME -g ResourceGroup_NAME --attach-acr ACR_NAME
az aks update -n AKSCluster_NAME -g ResourceGroup_NAME --attach-acr ACR_ID

If we have more subscriptions, we switch to the one containing kubernetes, or add to the command –-subscription:

az aks update -n AKSCluster_NAME -g ResourceGroup_NAME --attach-acr ACR_NAME  --subscription ID_SUBSKRYPCJI

To remove the integration we use –detach-acr instead of attach :

az aks update -n AKSCluster_NAME -g ResourceGroup_NAME -- detach-acr ACR_NAME

Once we have integrated AKS and ACR, we no longer need to specify “imagePullSecrets” in yaml.

If you are interested in topics related to Kubernetes, check out my other posts related to it https://lepczynski.it/en/category/k8s_en/.

You can find Azure related articles in the azure category https://lepczynski.it/en/category/azure_en/.

Leave a Reply

Your email address will not be published. Required fields are marked *