Pull image Azure Container Registry - Kubernetes

Does anyone have any tips on how to extract from the Azure container registry while working in the Azure container service (kubernet)

I tried the deployment example as shown below, but when trying to image is missing:

kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins-master spec: replicas: 1 template: metadata: name: jenkins-master labels: name: jenkins-master spec: containers: - name: jenkins-master image: myregistry.azurecr.io/infrastructure/jenkins-master:1.0.0 imagePullPolicy: Always readinessProbe: tcpSocket: port: 8080 initialDelaySeconds: 20 timeoutSeconds: 5 ports: - name: jenkins-web containerPort: 8080 - name: jenkins-agent containerPort: 50000 
+6
source share
2 answers

I got this job after reading this information.

http://kubernetes.io/docs/user-guide/images/#specifying-imagepullsecrets-on-a-pod

So, first create a registry key

 kubectl create secret docker-registry myregistrykey --docker-server=https://myregistry.azurecr.io --docker-username=ACR_USERNAME --docker-password=ACR_PASSWORD --docker-email=ANY_EMAIL_ADDRESS 

Replace the server address with the address of your ACR address and USERNAME, PASSWORD, and EMAIL address with values ​​from the admin user for your ACR. Note. Email address may be a value.

Then in the deployment, you simply tell the Kubernets to use this key to pull the image as follows:

 kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins-master spec: replicas: 1 template: metadata: name: jenkins-master labels: name: jenkins-master spec: containers: - name: jenkins-master image: myregistry.azurecr.io/infrastructure/jenkins-master:1.0.0 imagePullPolicy: Always readinessProbe: tcpSocket: port: 8080 initialDelaySeconds: 20 timeoutSeconds: 5 ports: - name: jenkins-web containerPort: 8080 - name: jenkins-agent containerPort: 50000 imagePullSecrets: - name: myregistrykey 
+10
source

This is what we have actually simplified. When you provide a Kubernets cluster through az cli, the principal service principal is created with contributor privileges. This will allow you to receive download requests for any Azure Container Registry in your subscription. There was a PR: https://github.com/kubernetes/kubernetes/pull/40142 , which was combined with new Kubernetes deployments. It will not work on existing copies of the kubernetes. Steve

+2
source

Source: https://habr.com/ru/post/1013247/


All Articles