Does anyone have any advice on how to pull from Azure container registry whilst running within Azure container service (kubernetes)
I've tried a sample deployment like the following but the image pull is failing:
kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins-master spec: replicas: 1 template: metadata: name: jenkins-master labels: name: jenkins-master spec: containers: - name: jenkins-master image: myregistry.azurecr.io/infrastructure/jenkins-master:1.0.0 imagePullPolicy: Always readinessProbe: tcpSocket: port: 8080 initialDelaySeconds: 20 timeoutSeconds: 5 ports: - name: jenkins-web containerPort: 8080 - name: jenkins-agent containerPort: 50000
I got this working after reading this info.
http://kubernetes.io/docs/user-guide/images/#specifying-imagepullsecrets-on-a-pod
So firstly create the registry access key
kubectl create secret docker-registry myregistrykey --docker-server=https://myregistry.azurecr.io --docker-username=ACR_USERNAME --docker-password=ACR_PASSWORD --docker-email=ANY_EMAIL_ADDRESS
Replacing the server address with the address of your ACR address and the USERNAME, PASSWORD and EMAIL address with the values from the admin user for your ACR. Note: The email address can be value.
Then in the deploy you simply tell kubernetes to use that key for pulling the image like so:
kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins-master spec: replicas: 1 template: metadata: name: jenkins-master labels: name: jenkins-master spec: containers: - name: jenkins-master image: myregistry.azurecr.io/infrastructure/jenkins-master:1.0.0 imagePullPolicy: Always readinessProbe: tcpSocket: port: 8080 initialDelaySeconds: 20 timeoutSeconds: 5 ports: - name: jenkins-web containerPort: 8080 - name: jenkins-agent containerPort: 50000 imagePullSecrets: - name: myregistrykey
This is something we've actually made easier. When you provision a Kubernetes cluster through the Azure CLI, a service principal is created with contributor privileges. This will enable pull requests of any Azure Container Registry in the subscription.
There was a PR: https://github.com/kubernetes/kubernetes/pull/40142 that was merged into new deployments of Kubernetes. It won't work on existing kubernetes instances.
翻译