Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
You can use an Azure container registry as a source of container images for Kubernetes. This setup can include clusters you manage, managed clusters hosted in Azure Kubernetes Service (AKS) or other clouds, and "local" Kubernetes configurations such as minikube and kind.
To pull images to your Kubernetes cluster from an Azure container registry, you need to establish an authentication and authorization mechanism. Depending on your cluster environment, choose one of the following methods:
Scenarios
| Kubernetes cluster | Authentication method | Description | Example |
|---|---|---|---|
| AKS cluster | AKS managed identity | Lets the AKS kubelet managed identity pull images from an attached Azure container registry. The registry and cluster must be in the same Azure tenant, but can be in different Azure subscriptions. |
Authenticate with Azure Container Registry from Azure Kubernetes Service |
| AKS cluster | AKS service principal | Grants the AKS service principal permissions to a target Azure container registry. The registry and cluster can be in different Azure tenants or subscriptions. |
Pull images from an Azure container registry to an AKS cluster in a different tenant |
| Kubernetes cluster other than AKS | Pod imagePullSecrets | Use the general Kubernetes mechanism to manage registry credentials for pod deployments. Configure service principal, repository-scoped token, or other supported registry credentials. |
Pull images from an Azure container registry to a Kubernetes cluster using a pull secret |
Related content
- Learn more about how to authenticate with an Azure container registry.