Microsoft Docs - Azure Kubernetes Service

Home Kubernetes

Integrate Azure Container Registry (ACR) with Azure Kubernetes Service (AKS)

This tutorial shows you how to configure an AKS cluster to pull container images securely from an Azure Container Registry.

1 Prerequisites

  • Azure CLI installed (az --version)
  • Logged in to Azure (az login)
  • Existing Resource Group (e.g., myResourceGroup)
  • Existing ACR instance (e.g., myAcrRegistry)
  • Existing AKS cluster (e.g., myAksCluster)

2 Grant AKS access to ACR

Run the following command to attach the ACR to the AKS cluster. This creates a acrpull role assignment that allows the cluster's service principal to pull images.

az aks update \
    --resource-group myResourceGroup \
    --name myAksCluster \
    --attach-acr myAcrRegistry

3 Verify the Role Assignment

az role assignment list \
    --assignee $(az aks show -g myResourceGroup -n myAksCluster --query identityProfile.kubeletidentity.objectId -o tsv) \
    --scope $(az acr show -n myAcrRegistry -g myResourceGroup --query id -o tsv) \
    --query "[].{role:roleDefinitionName}" -o table

4 Deploy a Sample Application

Push a sample image to your ACR and deploy it to AKS.

Build & Push Sample Image 
git clone https://github.com/Azure-Samples/aks-store-demo.git
cd aks-store-demo
az acr login -n myAcrRegistry
docker build -t myAcrRegistry.azurecr.io/store-frontend:v1 .
docker push myAcrRegistry.azurecr.io/store-frontend:v1

Create a deployment manifest that references the image.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: store-frontend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: store-frontend
  template:
    metadata:
      labels:
        app: store-frontend
    spec:
      containers:
      - name: store-frontend
        image: myAcrRegistry.azurecr.io/store-frontend:v1
        ports:
        - containerPort: 80

Apply the manifest:

kubectl apply -f store-frontend-deployment.yaml

5 Expose the Deployment

kubectl expose deployment store-frontend --type LoadBalancer --port 80 --target-port 80

Obtain the external IP:

kubectl get service store-frontend

6 Clean Up Resources (Optional)

kubectl delete service store-frontend
kubectl delete deployment store-frontend
az aks update -g myResourceGroup -n myAksCluster --detach-acr myAcrRegistry

For more tutorials, visit the AKS documentation index.