I recently created a set of Azure Resource Manager (ARM) templates ( https://github.com/marrobi/RancherOnAzure/ ) to simplify the deployment of Rancher ( http://rancher.com/rancher/ ) to Azure. Rancher is an Open Source container management platform – https://github.com/rancher/rancher.
Rancher offers the facility to connect a container registry ( https://docs.rancher.com/rancher/v1.6/en/environments/registries/ ) so that images can be pulled for deployment. As part of my deployment I wanted to provide users with an Azure Container Registry (ACR) instance already connected to Rancher.
My Rancher templates consist of a top level template with a number of nested child templates. ACR would be a child template. My challenge was that I needed to retrieve the registry credentials and then use them in the Rancher Server template which would then handle the registry connection via the Rancher API ( https://docs.rancher.com/rancher/v1.0/en/api/v1/api-resources/registry/ ).
My first step was to retrieve an ARM template that enables me to deploy an Azure Container registry. I found the template below via https://github.com/Azure/acr/blob/master/docs/FAQ.md .
Retrieving Registry Credentials
Azure Container Registry can be secured be either using a build in admin account, or an Azure Service Principle. As I wanted to make deployment as simple as possible for people with little knowledge of Azure, and hence not require users to create a service principle I chose to use the built in admin account. To ensure this is enabled I changed the default value of the acrAdminUserEnabled parameter to true. I then needed to retrieve the Container Registry logon details as outputs of the template. I created three outputs as follows:
My final ACR template is available here: https://github.com/marrobi/RancherOnAzure/blob/master/nestedtemplates/ACR.json
I tested the ACR template and verified I could retrieve the values as an output of the deployment:
PS C:\Users\marrobi> (Get-AzureRmResourceGroupDeployment -ResourceGroupName tmpACR).Outputs.Values
Using the credentials
I needed to supply these outputs to my Rancher Server template. To do this the outputs of the ACR deployment are passed into the Rancher Server template deployment:
It was also important that the Rancher Server deployment did not execute until my ACR template had finished deployment. I did this by adding a dependency:
The full top level template can be viewed here: https://github.com/marrobi/RancherOnAzure/blob/master/azuredeploy.json
Within the Rancher Server template I passed the parameters into a custom script extension that then calls the Rancher API. For those people interested in the Rancher specifics, Rancher Server is deployed in this template, https://github.com/marrobi/RancherOnAzure/blob/master/nestedtemplates/RancherServer.json, which executes this script: https://github.com/marrobi/RancherOnAzure/blob/master/scripts/configure_server.sh .
If you wish to try out the full deployment click below: