Skip to main content
Version: 1.27

Azure Container Registry

This tutorial will guide you on how to use your private Azure Container Registry (ACR) with Okteto. It's recommended that you have the Azure CLI installed to follow this tutorial.

The steps to configure your private ACR with Okteto are:

  • Create a user with access to your private ACR
  • Retrieve the user credentials
  • Configure the credentials in Okteto

Step 1: Create a user with access to your private ACR

First you need to create a Service Principal with role based access control.

To do so, you will need the following information:

  • scopes: the ID of your Azure Container Registry
  • role: PULL to have read access to your private ACR

You can list your current container registries with:

az acr list

Pick the name of your ACR and export it to an environment variable:

export ACR_NAME=<<your-acr-name>>

Get the ID of your ACR with the Azure CLI by executing:

ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query "id" --output tsv)

Create the ServicePrincipal with PULL access with the AzureCLI by executing:

az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --role acrpull

Step 2: Retrieve the user credentials

Get the APP ID by executing the following command:

APP_ID=$(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query "[].appId" --output tsv)

Create a PASSWORD for that APP ID:

az ad sp credential reset --id $APP_ID
{
"appId": "<<your-app-id>>",
"password": "<<your-password>>",
"tenant": "98e0e81b-dd65-4132-9d6c-ed2ac3e14e28"
}

Remember the value of appId and password. You will need them in the next step.

Step 3: Configure the credentials in Okteto

Add the following registry credentials to the Admin Registry Credentials view in the Okteto Admin Dashboard:

Start by navigating to Admin -> Registry Credentials under the Integrations section.

Click "Add Credential" and use the following settings:

  • Type: Static
  • Hostname: your Azure Container Registry name (ACR_NAME)
  • Username: appId from the previous step
  • Password: password from the previous step