On attempt to login to Azure Container Registry with docker login
command using Active Directory credentials I have faced the issue:
Error response from daemon: Get https://myregistry.azurecr.io/v2/: unauthorized: authentication required
It's maybe obvious thing, that there is a problem with permissions, but I could not find correct way to reach the goal.
Please note that:
az acr login --name myregistry
works perfectly fine, and after that I was able to upload my image, but due to specific situation, I need a solution for docker login
command and auth with AD credentials.
I tried to provide required permissons acrpull/acrpush/acrdelete to user using the following doc:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal
but with no luck - the same output.
Is there any way to login to ACR with AD credentials using docker login
?
Sign into the Azure CLI on your local machine, then run the az acr login command. Specify only the registry resource name when logging in with the Azure CLI. Don't use the fully qualified login server name. The command returns Login Succeeded once completed.
When the admin account is enabled, you get a single user, username/password combination you can immediately use to interact with the registry. Simply issue: docker login myregistry-company.azurecr.io -u [admin username] -p [admin password] and your good to go.
When authenticating with an Azure container registry, there are two primary scenarios: individual authentication, and service (or "headless") authentication. The following table provides a brief overview of these scenarios, and the recommended method of authentication for each.
The document that you following is the right way to create a service principal for container registry to auth. You need to assign the right role to the service principal. The role describes in the script:
# Default permissions are for docker pull access. Modify the '--role'
# argument value as desired:
# acrpull: pull only
# acrpush: push and pull
# owner: push, pull, and assign roles
When the service principal is ready. You can log in with the command docker login
with the variables in the script like below:
docker login $ACR_NAME.azurecr.io -u $SP_APP_ID -p $SP_PASSWD
Then it works like this:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With