Open zdraganov opened 7 years ago
I was able to make it work by creating a service principal and treating its creds as a Private Docker Registry. I will provide the necessary Terraform scripts for it. Use the outputted command to create the secret and add `dpr-secret` to `imagePullSecrets` in your deployment.
# Azure Container Registry that holds the images the cluster pulls.
resource "azurerm_container_registry" "acr" {
  name                = "${var.name}"
  location            = "${var.location}"
  resource_group_name = "${var.resource_group}"
  sku                 = "Premium"

  # The registry's built-in admin account stays disabled; access is granted
  # to a dedicated service principal through a role assignment instead.
  admin_enabled = false
}
# Azure AD application that the registry service principal is created for.
# The display name is fixed to "acr-app".
resource "azuread_application" "acr_app" {
  name = "acr-app"
}
# Service principal for the application above; this is the identity whose
# credentials are handed to the cluster as registry credentials.
resource "azuread_service_principal" "acr_sp" {
  application_id = "${azuread_application.acr_app.application_id}"
}
# Generates the 16-character secret used as the service principal password.
# NOTE(review): random_string results are not treated as sensitive and can be
# printed in CLI output; if the random provider version in use offers
# random_password, prefer it (the reference in the password resource must then
# change too). Either way the value is stored in plain text in the Terraform
# state, so the state backend needs to be access-controlled.
resource "random_string" "acr_sp_password" {
  length  = 16
  special = true

  # Tie the secret to the service principal id: a replaced principal gets a
  # freshly generated secret.
  keepers = {
    service_principal = "${azuread_service_principal.acr_sp.id}"
  }
}
# Attaches the generated secret to the service principal as a password
# credential.
resource "azuread_service_principal_password" "acr_sp_password" {
  service_principal_id = "${azuread_service_principal.acr_sp.id}"
  value                = "${random_string.acr_sp_password.result}"

  # Expires 8760h (365 days) after the first apply. timestamp() changes on
  # every run, so later changes to end_date are ignored below; the credential
  # is therefore never extended automatically and has to be rotated before it
  # lapses, or image pulls will start failing.
  end_date = "${timeadd(timestamp(), "8760h")}"

  lifecycle {
    ignore_changes = ["end_date"]
  }

  # Pause before dependent resources run. Presumably this gives Azure AD time
  # to propagate the new credential - confirm 30s is enough in your tenant.
  provisioner "local-exec" {
    command = "sleep 30"
  }
}
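# Grants the service principal access to the registry, scoped to this one
# registry only.
resource "azurerm_role_assignment" "acr_assignment" {
  scope = "${azurerm_container_registry.acr.id}"

  # Least privilege: the credential is only used as an image pull secret, so
  # the built-in AcrPull role (read images) is enough. Contributor would let
  # anyone holding the pull secret push images or modify the registry itself.
  # Use a separate identity with AcrPush for CI pipelines that publish images.
  role_definition_name = "AcrPull"

  # Read the id through the password resource rather than the principal
  # directly, so this assignment is ordered after the credential (and its
  # propagation delay) has been created.
  principal_id = "${azuread_service_principal_password.acr_sp_password.service_principal_id}"
}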
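# Ready-to-run kubectl command that renders the registry-creds secret as YAML
# (--dry-run: nothing is sent to the cluster). Replace <CONTEXT> before use.
output "docker" {
  # The command embeds the service principal password, so keep it out of
  # `terraform apply` logs and CI output; read it on demand with
  # `terraform output docker`. The value still lives in the Terraform state.
  sensitive = true

  # Each key/value pair needs its own --from-literal flag; kubectl accepts
  # only one positional NAME. The password is single-quoted because the
  # generated value contains shell metacharacters (the default special set of
  # random_string has no single quote, so the quoting cannot be broken by it).
  value = "kubectl --context <CONTEXT> create secret generic registry-creds-dpr --from-literal DOCKER_PRIVATE_REGISTRY_SERVER=${azurerm_container_registry.acr.login_server} --from-literal DOCKER_PRIVATE_REGISTRY_USER=${azuread_service_principal.acr_sp.application_id} --from-literal 'DOCKER_PRIVATE_REGISTRY_PASSWORD=${azuread_service_principal_password.acr_sp_password.value}' --dry-run -o yaml"
}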
I've tried to set it up as a Docker Registry (using `minikube addons configure registry-creds`), but I think it's not supported for other reasons. Has anyone using ACR managed to do this?