There are several ways to authenticate with an Azure container registry, each of which is applicable to one or more registry usage scenarios.
Recommended ways include authenticating to a registry directly via individual login, or your applications and container orchestrators can perform unattended, or “headless,” authentication by using an Azure Active Directory (Azure AD) service principal.
I will show the steps for logging in to ACR using both the admin user and the service principal methods.
Using the admin user is relatively easy: just enable it and you are good to go.
Let’s verify it using the docker command.
OK, I am logged in to ACR; let’s upload an image to it.
OK, the upload to ACR is done; let’s check it from the console.
Next, let’s use a service principal as the authentication method and push an image to ACR. Using an S.P is a little more complicated; the steps are:
- Register an application with AAD and create an S.P
- Assign a role to the application
- Get the client ID and application secret
- Verify that the login is successful
Name the application, leave the rest as default and click Register at the bottom.
Once done, the overview information is as below. Note down the Application ID, as we will need it to log in.
There are two authentication options available for service principals. I will use password-based authentication for convenience.
Copy the value as it is your login password.
Now that we have the service principal ready, we need to grant it permission by assigning a role. We can assign permission at the subscription, resource group or resource level. Let’s assign permission at the resource level, which is the ACR itself.
Once done, let’s log in to ACR from the command line.
Now let’s verify that we can upload an image to ACR.
And it is a success!
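The service principal steps above, collected into a script. This is an added example, not the commands from the original post; the registry name, image names, the `SP_APP_ID` and `SP_PASSWORD` variables, the function names and the `AcrPush` role are assumptions made for illustration, and the login server format assumes the Azure public cloud.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholders supplied by the caller:
#   SP_APP_ID    Application (client) ID of the service principal
#   SP_PASSWORD  client secret value copied at creation time
# Assumes Azure public cloud, where the login server is <registry>.azurecr.io.

# Map a registry name to its login server; reject anything non-alphanumeric.
acr_login_server() {
  case "$1" in
    ""|*[!A-Za-z0-9]*) echo "invalid registry name: '$1'" >&2; return 1 ;;
  esac
  printf '%s.azurecr.io\n' "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
}

# Scope the role to the registry resource only, not the subscription or group.
# AcrPush (pull + push) is an assumed choice; the post does not name the role.
acr_grant_push() {
  acr_id="$(az acr show --name "$1" --query id --output tsv)" || return 1
  az role assignment create --assignee "$SP_APP_ID" --scope "$acr_id" --role AcrPush
}

# Log in with the service principal. The secret goes to docker on stdin, so it
# never shows up in the process list or in shell history.
acr_sp_login() {
  server="$(acr_login_server "$1")" || return 1
  if [ -z "${SP_APP_ID:-}" ] || [ -z "${SP_PASSWORD:-}" ]; then
    echo "SP_APP_ID and SP_PASSWORD must be set" >&2; return 1
  fi
  printf '%s' "$SP_PASSWORD" |
    docker login "$server" --username "$SP_APP_ID" --password-stdin
}

# Tag a local image for the registry, push it, and print the pushed reference.
acr_push() {
  server="$(acr_login_server "$1")" || return 1
  ref="$server/$3"
  docker tag "$2" "$ref" && docker push "$ref" >&2 && printf '%s\n' "$ref"
}
```

Run `acr_grant_push myregistry` once, then `acr_sp_login myregistry` followed by `acr_push myregistry hello-world:latest samples/hello-world:v1`, where `myregistry` and the image names are constructed values.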
In the next post, I will attach this ACR to Azure AKS so that AKS can build containers from this ACR. Stay tuned!