Retrieving and using Azure Container Registry credentials in an Azure Resource Manager Template

I recently created a set of Azure Resource Manager (ARM) templates ( ) to simplify the deployment of Rancher ( ) to Azure. Rancher is an Open Source container management platform –

Rancher offers the facility to connect a container registry ( ) so that images can be pulled for deployment. As part of my deployment I wanted to provide users with an Azure Container Registry (ACR) instance already connected to Rancher.

My Rancher templates consist of a top level template with a number of nested child templates. ACR would be a child template. My challenge was that I needed to retrieve the registry credentials and then use them in the Rancher Server template which would then handle the registry connection via the Rancher API  ( ).

My first step was to retrieve an ARM template that enables me to deploy an Azure Container registry. I found the template below via .

Retrieving Registry Credentials

Azure Container Registry can be secured be either using a build in admin account, or an Azure Service Principle.  As I wanted to make deployment as simple as possible for people with little knowledge of Azure, and hence not require users to create a service principle I chose to use the built in admin account. To ensure this is enabled I changed the default value of the acrAdminUserEnabled parameter to true. I then needed to retrieve the Container Registry logon details as outputs of the template. I created three outputs as follows:

My final ACR template is available here:

I tested the ACR template and verified I could retrieve the values as an output of the deployment:

PS C:\Users\marrobi> (Get-AzureRmResourceGroupDeployment -ResourceGroupName tmpACR).Outputs.Values


Type   Value                          
—-   —–                          
String mrtest              
String =/T9+/4hUA=/d=V=+Kw//=ceZJpq/dXr

Using the credentials

I needed to supply these outputs to my Rancher Server template. To do this the outputs of the ACR deployment are passed into the Rancher Server template deployment:

It was also important that the Rancher Server deployment did not execute until my ACR template had finished deployment. I did this by adding a dependency:

The full top level template can be viewed here:

Within the Rancher Server template I passed the parameters into a custom script extension that then calls the Rancher API. For those people interested in the Rancher specifics, Rancher Server is deployed in this template,, which executes this script: .

If you wish to try out the full deployment click below:

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.