How to share images between ACRs in separate tenants using Azure DevOps agents

I want to share the same image between two Azure Container Registries. The registries are in different tenants. I build images on a self-hosted agent with Managed Identity. I have two pools with separate managed identities, because they are also in different tenants.

So on Dev env I have:

  • dev pool with dev managed identity
  • dev ACR
  • dev subscription
  • dev tenant

On Prod env I have:

  • prod pool with prod managed identity
  • prod ACR
  • prod subscription
  • prod tenant

I don't want to build images twice; I want to reuse the same image, which is already pushed.

Krzysztof Madej On

To do this you can:

  • create a short-lived token to access the dev Container Registry
  • pass this token to the Prod job to use it in another tenant
  • copy images from the Dev Container Registry to the Prod Container Registry using the token

stages:
  - stage: ImportImage
    jobs:
      - job: ObtainToken
        displayName: 'Obtain Token'
        pool:
          name: Dev
        steps:
          - script: |
              az login --identity
              az account set --subscription 'Dev'
              token=$(az account get-access-token --query accessToken -o tsv)
              echo "##vso[task.setvariable variable=accessToken;isoutput=true;issecret=true]$token"
            displayName: 'Obtain Access Token'
            name: ObtainToken

      - job: ImportImage
        displayName: 'Import Container Image'
        dependsOn: ObtainToken
        pool:
          name: Prod
        variables:
          accessToken: $[ dependencies.ObtainToken.outputs['ObtainToken.accessToken'] ]
        steps:
          - script: |
              az login --identity
              az account set --subscription 'Prod'
              # Logging commands must be written to stdout; a bare ##vso line is only a shell comment
              echo "##vso[task.setsecret]$(accessToken)"
              # Use the obtained token to import the container image from the registry
              az acr import \
                --name prodacr \
                --source devacr.azurecr.io/some_api:20240112.1 \
                --image some_api:20240112.1 \
                --password $(accessToken)
            displayName: 'Import Container Image'
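
The token handed to the Prod job is a bearer credential, so it is worth checking its tenant and remaining lifetime before it is used. The script below is an added example, not part of the answer above; the function names, the sample tenant ID and the 3600-second limit are assumptions, and the sample token is constructed and unsigned.

```shell
# Added example: sanity-check a JWT access token's claims before using it.
# The signature is NOT verified here (the service receiving the token does that).

# base64url-encode stdin (used only to build the constructed sample token).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Build a constructed, unsigned sample token: $1 = tenant id, $2 = exp (epoch).
sample_token() {
  local h p
  h=$(printf '%s' '{"alg":"none","typ":"JWT"}' | b64url)
  p=$(printf '{"aud":"https://management.azure.com/","tid":"%s","exp":%s}' "$1" "$2" | b64url)
  printf '%s.%s.sig' "$h" "$p"
}

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in        # base64url drops padding; restore it
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print one top-level string or numeric claim: $1 = token, $2 = claim name.
# A deliberately small extractor, not a general JSON parser.
jwt_claim() {
  jwt_payload "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Succeed only if the token belongs to the expected tenant, is not expired,
# and expires within max_ttl seconds.
# $1 = token, $2 = expected tenant id, $3 = max_ttl, $4 = now (epoch, optional)
check_token() {
  local tid exp now ttl
  now=${4:-$(date +%s)}
  tid=$(jwt_claim "$1" tid)
  exp=$(jwt_claim "$1" exp)
  [ "$tid" = "$2" ] || { echo "unexpected tenant: $tid" >&2; return 1; }
  case $exp in ''|*[!0-9]*) echo "missing exp claim" >&2; return 1 ;; esac
  ttl=$(( exp - now ))
  [ "$ttl" -gt 0 ] || { echo "token expired" >&2; return 1; }
  [ "$ttl" -le "$3" ] || { echo "token lifetime too long: ${ttl}s" >&2; return 1; }
}

# Demo on a constructed token that expires five minutes from now.
demo=$(sample_token "11111111-1111-1111-1111-111111111111" $(( $(date +%s) + 300 )))
check_token "$demo" "11111111-1111-1111-1111-111111111111" 3600 && echo "token accepted"
```

In the Prod job this would run before `az acr import`, with the dev tenant ID as the expected tenant and the step failing when `check_token` returns non-zero.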