Question 294340 in Azure Question posted in
The official documentation to get you started can be found here.

AZURE ACR pull premssion withot login(docker or az) from VM

Is there a way to pull docker images (inside VM) from the ACR without logging in, I am using the same in AWS I assign a role to allow the EC2 to pull from the docker container registry without having to login from the EC2 insistence.

I tried all what I can find on Google but nothing worked for me, it seems this not possible as the only ways to authenticate are list here Authenticate with an Azure container registry

I am also aware that I can enable anonymous access, but I prefer not do that.

thank you in advance.

Tags:

2

Answers


  1. 0

    One way or another you have to use docker login or az acr login
    to avoid using passwords you can use a managed identity or service principal to automatically authenticate a virtual machine (VM) with Azure Container Registry (ACR) without manually logging in each time. This approach allows for a more secure and automated way to handle authentication:

    Using Managed Identity: Assign a managed identity to your VM and grant it access to the ACR. This managed identity can then be used for authentication, allowing the VM to pull images from the ACR without manual login.

    Using Service Principal: Create a service principal and assign it the necessary permissions to access the ACR. You can then configure your VM to use this service principal for authentication.

    But in case you do not want to run the commands manually inside the virtual machine you can use a startup script that logs in for you or you can play around with the dockerconfig file and mount it to your VM so it takes the credentials from there.

    Read it here

    Login or Signup to reply.
  2. 0

    Pulling Docker images from Azure Container Registry generally requires authentication. Azure primarily relies on authentication through service principals, user credentials and managed identities.

    If you want to avoid storing credentials on your VM, you can consider using Managed Identity by following below steps for Azure resources.

    1. Enable Managed Identity on VM: Go to Azure portal > navigate to your VM > select Identity > Enable the system-assigned managed identity.

    enter image description here

    1. Assign ACR Permissions: Go to your ACR instance > select Access Control>Under Role assignments >add a role assignment> Assign the AcrPull role to the managed identity associated with your VM.

    enter image description here

    1. Pull Docker Images: On your VM, install the Azure CLI if it’s not already installed. You can use the following command to log in using the managed identity

      `az login --identity`

    2. Pull Docker Image: After logging in with the managed identity, you should be able to pull images from ACR without explicit credentials.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search