1
votes

We have two different Azure subscriptions and tenant IDs: one for the development environment and the other for the production environment. As part of a CI/CD pipeline, we build Docker images and push them to ACR in the dev subscription. We want to reuse the Docker images available in the dev subscription's ACR when running a k8s cluster in the prod environment.

As per my understanding, we cannot reuse ACR from a different subscription and tenant ID. The only possible solution is to have at least the same tenant ID.

Do we have any way by which we can reuse these Docker images?

2 Answers

0
votes

Why not? You just need to auth to ACR, and then you can pull images from that ACR. You won't be able to use an Azure connection for that, but you can use a Docker connection for that (in both Kubernetes and Azure DevOps).

0
votes

From ACR's POV, it's supported. Say you create a Service Principal SP1 in tenant1/sub1, and assign the AcrPull role to it for registry1 in tenant1/sub1. SP1 can now access registry1. You can then assign the same SP1 the AcrPull role for registry2 in another tenant, tenant2/sub2 (this essentially makes SP1 a guest service principal in tenant2); now SP1 can also pull from registry2. As long as an SP is given permission to pull from a registry, you can use the SP as user/pwd to access the registry from anywhere. Can you elaborate on what is not working?
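
The "Docker connection" and "SP as user/pwd" approach from the two answers, as it would look for the prod cluster: an added example (not code from either answer) that renders a `kubernetes.io/dockerconfigjson` image pull Secret for a service principal that holds only AcrPull on the dev registry. The registry name, secret name, namespace, app ID and password are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: render an image pull Secret for an AcrPull-only service principal.
# The SP password is read from $ACR_SP_PASSWORD so it stays out of argv and shell history.

json_escape() {  # escape backslashes and double quotes for embedding in a JSON string
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

b64() { base64 | tr -d '\n'; }  # single-line base64, portable across GNU/BSD

# dockerconfig_json <registry-login-server> <sp-app-id>
dockerconfig_json() {
  local server="$1" user="$2" auth
  [ -n "${ACR_SP_PASSWORD:-}" ] || { echo "ACR_SP_PASSWORD is not set" >&2; return 1; }
  # "auth" is base64(user:password) over the raw, unescaped credentials
  auth=$(printf '%s:%s' "$user" "$ACR_SP_PASSWORD" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$(json_escape "$server")" "$(json_escape "$user")" \
    "$(json_escape "$ACR_SP_PASSWORD")" "$auth"
}

# pull_secret_manifest <secret-name> <namespace> <registry-login-server> <sp-app-id>
pull_secret_manifest() {
  local name="$1" ns="$2" cfg
  cfg=$(dockerconfig_json "$3" "$4") || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | b64)
EOF
}

# Demo with constructed values (not real credentials), run in a subshell
( ACR_SP_PASSWORD='constructed-not-a-real-secret'
  pull_secret_manifest acr-dev-pull default devregistry.azurecr.io \
    00000000-0000-0000-0000-000000000000 )
```

Pipe the output to `kubectl apply -f -` against the prod cluster and reference the secret under `imagePullSecrets` in the pod spec. Because the Secret is only base64-encoded, keep the SP scoped to AcrPull on that one registry and rotate its password.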