10.3.3.5 ACR AKS Integration
A focused guide to ACR AKS Integration, connecting core concepts with practical Docker and container operations.
ACR AKS integration allows an Azure Kubernetes Service cluster to pull images directly from an Azure Container Registry instance using the cluster's own managed identity, configured through a single explicit attachment step that handles the underlying role assignment automatically.
Attaching a Registry to an AKS Cluster
A single command grants an AKS cluster's identity pull access to a specific ACR instance.
az aks update -n myAKSCluster -g myResourceGroup --attach-acr myacrregistry
This command handles creating the appropriate role assignment behind the scenes, after which the cluster can pull from this registry without any further manual configuration.
Referencing the Registry From a Pod Specification
Once attached, a pod can reference an image from this registry directly, with authentication handled transparently.
spec:
  containers:
  - name: api
    image: myacrregistry.azurecr.io/myapp:2.3.0
No Kubernetes image pull secret is needed for this to work, since the underlying AKS node identity already has the necessary registry permissions.
Why This Avoids Manually Managing Kubernetes Pull Secrets
Without this integration, pulling from a private ACR instance within Kubernetes requires creating and referencing a Kubernetes secret containing registry credentials, an additional operational step that the attachment removes entirely.
kubectl create secret docker-registry acr-secret --docker-server=... --docker-username=... --docker-password=...
This kind of manually managed secret becomes unnecessary once the cluster is properly attached to the registry.
Verifying the Attachment Took Effect
Confirming the underlying role assignment was actually created validates that this integration is correctly configured.
az role assignment list --scope <registry-resource-id>
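The raw listing still has to be read for two things: that the cluster's node (kubelet) identity holds the built-in AcrPull role on this registry, and that it holds nothing broader. The script below is an added example, not part of the original guide. It assumes the JSON comes from the command above run with -o json (optionally with --include-inherited) and that the identity's object ID was read with az aks show -n myAKSCluster -g myResourceGroup --query identityProfile.kubeletidentity.objectId -o tsv. The function name, the sample data and all IDs are constructed placeholders.

```python
import json

# Constructed sample of role assignment JSON, trimmed to the fields used here.
# Subscription and object IDs are placeholders, not real values.
RG_ID = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup"
REGISTRY_ID = RG_ID + "/providers/Microsoft.ContainerRegistry/registries/myacrregistry"
KUBELET_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_JSON = json.dumps([
    # What the attachment is expected to create: pull-only, scoped to the registry.
    {"principalId": KUBELET_ID, "roleDefinitionName": "AcrPull", "scope": REGISTRY_ID},
    # Over-privilege: same identity, write-capable role inherited from the resource group.
    {"principalId": KUBELET_ID, "roleDefinitionName": "Contributor", "scope": RG_ID},
    # A different principal (for example a CI pipeline); out of scope for this check.
    {"principalId": "22222222-2222-2222-2222-222222222222",
     "roleDefinitionName": "AcrPush", "scope": REGISTRY_ID},
])

# Built-in roles that grant more than pull on a registry.
BROAD_ROLES = {"AcrPush", "AcrDelete", "Contributor", "Owner"}


def audit_attachment(assignments, kubelet_object_id, registry_id):
    """Return (has_acrpull, findings) for one identity against one registry."""
    registry_id = registry_id.lower()  # Azure resource IDs are case-insensitive
    has_acrpull, findings = False, []
    for a in assignments:
        if a["principalId"].lower() != kubelet_object_id.lower():
            continue  # assignment belongs to another principal
        scope = a["scope"].lower().rstrip("/")
        inherited = registry_id.startswith(scope + "/")
        if scope != registry_id and not inherited:
            continue  # this scope does not cover the registry
        role = a["roleDefinitionName"]
        if role == "AcrPull":
            has_acrpull = True
            if inherited:
                findings.append(f"AcrPull inherited from {a['scope']}: wider than this registry")
        elif role in BROAD_ROLES:
            findings.append(f"{role} at {a['scope']}: node identity has more than pull access")
    return has_acrpull, findings


if __name__ == "__main__":
    ok, issues = audit_attachment(json.loads(SAMPLE_JSON), KUBELET_ID, REGISTRY_ID)
    print("AcrPull present:", ok)
    for issue in issues:
        print("FINDING:", issue)
```

Any finding means a compromised node could do more than read images from the registry, so the extra assignment should be removed rather than left alongside AcrPull.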
Why ACR AKS Integration Matters
This straightforward attachment process significantly simplifies running AKS workloads that depend on images stored in ACR, removing what would otherwise be a recurring need to manage Kubernetes-specific registry credentials separately.