Integrating Azure Container Registry with AKS for deployment
To integrate Azure Container Registry (ACR) with Azure Kubernetes Service (AKS), you'll create an ACR instance and then configure an AKS cluster to pull container images from the ACR. The following program is written in TypeScript using Pulumi for Azure.
First, you'll need to import required packages from `@pulumi/azure-native`. You will create an ACR instance using the `containerregistry.Registry` class, which represents an Azure Container Registry. Then you'll create an AKS cluster using the `containerservice.ManagedCluster` class. Finally, you will configure AKS to authenticate with ACR. This will allow AKS to pull images from the ACR for container deployments.
Here is a step-by-step Pulumi program in TypeScript to accomplish the integration:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as authorization from "@pulumi/azure-native/authorization";
import * as containerregistry from "@pulumi/azure-native/containerregistry";
import * as containerservice from "@pulumi/azure-native/containerservice";
import * as resources from "@pulumi/azure-native/resources";

// Create an Azure Resource Group (where all resources will be deployed)
const resourceGroup = new resources.ResourceGroup("myResourceGroup");

// Create an Azure Container Registry
const registry = new containerregistry.Registry("myRegistry", {
    resourceGroupName: resourceGroup.name,
    sku: {
        name: "Standard", // ACR SKU Standard is usually sufficient for most use cases.
    },
    // Enabling the admin user provides access credentials: one shared
    // username/password pair with full access to the registry.
    adminUserEnabled: true,
});

// Create an AKS cluster
const managedCluster = new containerservice.ManagedCluster("myManagedCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2", // You should choose a size suited to your workload.
    }],
    dnsPrefix: pulumi.interpolate`${resourceGroup.name}-kube`,
    enableRBAC: true, // Best practice is to always enable RBAC for AKS clusters.
    // The cluster needs an identity; a system-assigned one also yields the
    // kubelet identity that the nodes use to pull images.
    identity: { type: "SystemAssigned" },
});

// Retrieve the ACR's admin credentials (username and password)
const credentials = pulumi.all([resourceGroup.name, registry.name]).apply(([rgName, registryName]) =>
    containerregistry.listRegistryCredentials({
        resourceGroupName: rgName,
        registryName: registryName,
    })
);
const adminUsername = credentials.apply(c => c.username!);
const adminPassword = credentials.apply(c => c.passwords![0].value!);

// Grant the AKS-generated identity (the kubelet identity's service principal)
// pull access from ACR
const aksSpId = managedCluster.identityProfile.apply(p => p!["kubeletidentity"].objectId!);
const clientConfig = pulumi.output(authorization.getClientConfig());
const aksSpAuth = new authorization.RoleAssignment("aksSpAuth", {
    principalId: aksSpId,
    principalType: "ServicePrincipal",
    // Built-in AcrPull role: only pull access is needed for a Kubernetes cluster
    roleDefinitionId: pulumi.interpolate`/subscriptions/${clientConfig.subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d`,
    scope: registry.id, // Limit the grant to this one registry
});

export const aksClusterName = managedCluster.name;
export const acrLoginServer = registry.loginServer;
export const acrUsername = adminUsername;
// Mark the password as a secret so it is encrypted in state and masked in CLI output
export const acrPassword = pulumi.secret(adminPassword);
```
In this program:
- We create a resource group in Azure to contain our registry and cluster.
- We create an Azure Container Registry with admin user enabled. Enabling the admin user is a simple way to authenticate AKS with ACR.
- We create an Azure Kubernetes Service (AKS) cluster with RBAC enabled, which is a good security practice.
- We then retrieve the ACR admin credentials, consisting of a username and password necessary for AKS to authenticate with ACR.
- We ensure that the AKS service principal has the necessary pull rights to retrieve images from the ACR.
- Finally, we export several output variables like the AKS cluster name and ACR credentials. These can be used to configure your CI/CD pipeline or local `kubectl` to work with your new AKS cluster.
Remember to replace placeholder values with actual names specific to your environment, such as the 'Standard_DS2_v2' VM size and the resource group name.
To run this Pulumi program:
- Ensure you have Pulumi installed and have an Azure account configured with the Azure CLI.
- Create a new Pulumi project using `pulumi new azure-typescript`.
- Replace the contents of `index.ts` with the code provided above.
- Run `pulumi up` to preview and deploy the changes.
By deploying this program, you instruct Pulumi to provision the specified Azure resources and set up the integration between AKS and ACR. Your AKS cluster will be able to pull images from the ACR for your deployments.
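A check a reviewer could run over the resources array of `pulumi stack export` to confirm the registry access this program sets up: it flags an enabled admin user and verifies that the cluster's kubelet identity holds only AcrPull, scoped to a registry in the stack. This is an added example, not part of the original program; the `Res` type, the `auditAcrAccess` name and the sample resources are constructed for illustration.

```typescript
// Added example: audits the resources array of a `pulumi stack export` document.
type Res = { urn: string; type: string; id?: string;
             inputs?: Record<string, unknown>; outputs?: Record<string, unknown> };
// GUID of Azure's built-in AcrPull role definition.
const ACR_PULL = "7f951dda-4ed3-4680-a7ca-43fe172d538d";
const lower = (v: unknown): string => String(v ?? "").toLowerCase();

function auditAcrAccess(resources: Res[]): string[] {
  const findings: string[] = [];
  const ofType = (t: string) => resources.filter(r => r.type === `azure-native:${t}`);
  const registries = ofType("containerregistry:Registry");
  const registryIds = registries.map(r => lower(r.id));
  // The admin user is one shared credential with full access to the registry.
  for (const reg of registries)
    if (reg.inputs?.adminUserEnabled === true) findings.push(`${reg.urn}: admin user enabled`);
  for (const cluster of ofType("containerservice:ManagedCluster")) {
    // AKS nodes pull images as the kubelet identity, so that is the principal to check.
    const profile = cluster.outputs?.identityProfile as Record<string, { objectId?: string }> | undefined;
    const kubelet = lower(profile?.kubeletidentity?.objectId);
    const grants = ofType("authorization:RoleAssignment")
      .filter(a => kubelet !== "" && lower(a.inputs?.principalId) === kubelet);
    let canPull = false;
    for (const g of grants) {
      const isPull = lower(g.inputs?.roleDefinitionId).endsWith(ACR_PULL);
      const onRegistry = registryIds.includes(lower(g.inputs?.scope));
      if (isPull && onRegistry) canPull = true;
      else if (onRegistry) findings.push(`${cluster.urn}: role other than AcrPull on registry`);
      else if (isPull) findings.push(`${cluster.urn}: AcrPull scoped outside this stack's registries`);
    }
    if (!canPull) findings.push(`${cluster.urn}: kubelet identity has no AcrPull on a registry`);
  }
  return findings;
}

// Constructed sample (placeholder subscription and object IDs), not output from a real stack.
const SUB = "/subscriptions/00000000-0000-0000-0000-000000000000";
const REG_ID = `${SUB}/resourceGroups/rg/providers/Microsoft.ContainerRegistry/registries/myregistry`;
const KUBELET = "11111111-1111-1111-1111-111111111111";
const URN = "urn:pulumi:dev::demo::azure-native:";
const sampleResources: Res[] = [
  { urn: `${URN}containerregistry:Registry::myRegistry`, id: REG_ID,
    type: "azure-native:containerregistry:Registry", inputs: { adminUserEnabled: true } },
  { urn: `${URN}containerservice:ManagedCluster::myManagedCluster`,
    type: "azure-native:containerservice:ManagedCluster",
    outputs: { identityProfile: { kubeletidentity: { objectId: KUBELET } } } },
  { urn: `${URN}authorization:RoleAssignment::aksAcrPull`,
    type: "azure-native:authorization:RoleAssignment",
    inputs: { principalId: KUBELET, scope: REG_ID,
              roleDefinitionId: `${SUB}/providers/Microsoft.Authorization/roleDefinitions/${ACR_PULL}` } },
];
console.log(auditAcrAccess(sampleResources));
```

To use it on a real stack, pass in `deployment.resources` from the JSON that `pulumi stack export` writes.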