We're moving our Jenkins setup to Azure.
Once I have an Azure node, I run the following:
az login -i
az acr login -n myregistry
From there, I can pull images from the registry.
My container has the docker socket mapped inside and it interacts with docker on the host to bring up more containers. But when I try to docker pull from inside the container, I get
docker: Error response from daemon: Get https://myregistry.azurecr.io/v2/myimage/manifests/mytag:
unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
See 'docker run --help'.
One way to solve the issue is to have az installed in my container and invoke the same login on startup. I would like however not to modify the image.
Are there any other ways to use the fact that the host is already authorized for ACR? Is there any folder in the host that I can map inside my container so that it would use the host's login information?
Thanks
When you use the Azure CLI command
az acr login, then it will store the credential to your docker credential file~/.docker/config.json. So you can mount the docker credential file to the same path of the container. Then the docker inside the container can also use the credential to pull images from your ACR.Update:
Why not work, docker stores the credential in the file /home/user/.docker/config.json. When you use Azure CLI command
az acr login, it will use the current use that you use to login with the commandaz loginand then stores the credential for your local docker server. Here is the example via the way I provide you: