Retrieving and using Azure Container Registry credentials in an Azure Resource Manager Template

I recently created a set of Azure Resource Manager (ARM) templates ( https://github.com/marrobi/RancherOnAzure/ ) to simplify the deployment of Rancher ( http://rancher.com/rancher/ ) to Azure. Rancher is an Open Source container management platform –  https://github.com/rancher/rancher.

Rancher offers the facility to connect a container registry ( https://docs.rancher.com/rancher/v1.6/en/environments/registries/ ) so that images can be pulled for deployment. As part of my deployment I wanted to provide users with an Azure Container Registry (ACR) instance already connected to Rancher.

My Rancher templates consist of a top-level template with a number of nested child templates. ACR would be a child template. My challenge was that I needed to retrieve the registry credentials and then use them in the Rancher Server template, which would then handle the registry connection via the Rancher API ( https://docs.rancher.com/rancher/v1.0/en/api/v1/api-resources/registry/ ).

My first step was to retrieve an ARM template that enables me to deploy an Azure Container Registry. I found the template below via https://github.com/Azure/acr/blob/master/docs/FAQ.md .

Retrieving Registry Credentials

Azure Container Registry can be secured by using either a built-in admin account or an Azure service principal. As I wanted to make deployment as simple as possible for people with little knowledge of Azure, and hence not require users to create a service principal, I chose to use the built-in admin account. To ensure this is enabled I changed the default value of the acrAdminUserEnabled parameter to true. I then needed to retrieve the Container Registry logon details as outputs of the template. I created three outputs as follows:
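A minimal ACR child template with three such outputs, as an added example (not the author's ACR.json). The parameter name acrName, the output names and the 2019-05-01 API version are assumptions; acrAdminUserEnabled is the parameter named above.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // acrName is an assumed parameter name for this example.
    "acrName": { "type": "string" },
    // The admin account must be enabled, otherwise there are no admin credentials to list.
    "acrAdminUserEnabled": { "type": "bool", "defaultValue": true }
  },
  "variables": {
    "acrId": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('acrName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.ContainerRegistry/registries",
      // Assumed API version; any version that supports SKU-based registries will do.
      "apiVersion": "2019-05-01",
      "name": "[parameters('acrName')]",
      "location": "[resourceGroup().location]",
      "sku": { "name": "Basic" },
      "properties": { "adminUserEnabled": "[parameters('acrAdminUserEnabled')]" }
    }
  ],
  "outputs": {
    // Output names below are assumptions, one per value the parent template needs.
    "registryServer": {
      "type": "string",
      "value": "[reference(variables('acrId'), '2019-05-01').loginServer]"
    },
    "registryUsername": {
      "type": "string",
      "value": "[listCredentials(variables('acrId'), '2019-05-01').username]"
    },
    // A plain string output is stored with the deployment record in clear text.
    "registryPassword": {
      "type": "string",
      "value": "[listCredentials(variables('acrId'), '2019-05-01').passwords[0].value]"
    }
  }
}
```

Because registryPassword is a plain string output, anyone who can read deployments in the resource group can read the admin password from the deployment record. In the template that receives it, declare the matching parameter as securestring so it is not logged a second time.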

My final ACR template is available here: https://github.com/marrobi/RancherOnAzure/blob/master/nestedtemplates/ACR.json

I tested the ACR template and verified I could retrieve the values as an output of the deployment:

PS C:\Users\marrobi> (Get-AzureRmResourceGroupDeployment -ResourceGroupName tmpACR).Outputs.Values

Type   Value
----   -----
String mrtest.azurecr.io
String mrtest
String =/T9+/4hUA=/d=V=+Kw//=ceZJpq/dXr

Using the credentials

I needed to supply these outputs to my Rancher Server template. To do this the outputs of the ACR deployment are passed into the Rancher Server template deployment:

It was also important that the Rancher Server deployment did not execute until my ACR template had finished deployment. I did this by adding a dependency:

The full top level template can be viewed here: https://github.com/marrobi/RancherOnAzure/blob/master/azuredeploy.json

Within the Rancher Server template I passed the parameters into a custom script extension that then calls the Rancher API. For those people interested in the Rancher specifics, Rancher Server is deployed in this template, https://github.com/marrobi/RancherOnAzure/blob/master/nestedtemplates/RancherServer.json, which executes this script: https://github.com/marrobi/RancherOnAzure/blob/master/scripts/configure_server.sh .

If you wish to try out the full deployment click below:
