Adding Azure Container Registry (ACR) service connection to Azure DevOps is really simple as described in "Create Service Connection in Azure DevOps for Azure Container Registry", when you have the same account you are using for Azure DevOps, is associated with your Azure Subscription. However, this may not be the case always and you may want to push docker images to ACR in an Azure Subscription which is not related to your Azure DevOps organization, such as your customer's production Azure subscription. We have discussed one option with basic authentication in the post "Create Service Connection in Azure DevOps for Azure Container Registry - Using Basic Authentication". Let’s see how to create a service connection for ACR in such situation to utilize it in a deployment pipeline using a Service Principal in this post.
Create a service principal for the required Azure subscription If you do not have acccess to this subscription, you can ask subscription owner to provide with you a service principal. How to create a service principal is described here. This service principal should be added to the ACR Acess Control, Role Assignments with ACR Push role as aminimum. If it is added with Contributor role that is fine as well.
Copy the ACR login server name from ACR overview page.
With this information you can create a Docker Registry service connection in your Azure DevOps Team project with information provided as below. Instead of Azure Contianer Registry option used earlier as explained in "Create Service Connection in Azure DevOps for Azure Container Registry", now you need to use the Other option. Use the copied ACR login server name with https:// for the Docker registry. For Docker ID you use the copied appid value form the service principal and for Docker Password use the password copied form the service principal. Provide a name for the service connection and make sure to allow access to all pipelines. Then you can use the ACR service connection to push images to ACR using your pipelines.
No comments:
Post a Comment