How to use existing Container Registry when creating AKS cluster in Pulumi Azure Native

Time:11-10

I created an Azure Container Registry (ACR) and now need to create a Managed Cluster (AKS). When we use the Azure Portal or Azure CLI, we can integrate an existing ACR. In Pulumi Azure Native, ManagedClusterArgs does not have any property to accept an existing ACR.

How do I attach an already created ACR when creating a Managed Cluster?

Or will assigning the AcrPull role to the automatically created User Assigned Managed Identity (<cluster-name>-agentpool) achieve the same?

CodePudding user response:

Yes, you need to assign the AcrPull role to the cluster. Here is an example using a system-assigned managed identity:

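import * as azure_native from "@pulumi/azure-native";
import * as containerservice from "@pulumi/azure-native/containerservice";

const cluster = new containerservice.ManagedCluster("managedCluster", {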
    // ...
    identity: {
        type: "SystemAssigned",
    },
});

const creds = containerservice.listManagedClusterUserCredentialsOutput({
    resourceGroupName: resourceGroup.name,
    resourceName: cluster.name,
});

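// Object ID of the kubelet identity, which the nodes use to pull images.
const principalId = cluster.identityProfile.apply(p => p!["kubeletidentity"].objectId!);

// const registry = ...
// const subscriptionId = ...

// 7f951dda-4ed3-4680-a7ca-43fe172d538d is the built-in AcrPull role definition.
const roleDefinitionId = `/subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d`;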
const assignment = new azure_native.authorization.RoleAssignment("acr-pull", {
    properties: {
        principalId: principalId,
        roleDefinitionId: roleDefinitionId,
    },
    scope: registry.id,
});
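
A least-privilege check to run after deployment, added here as an example and not part of the original answer: it confirms that the kubelet identity holds AcrPull scoped to the registry itself and flags wider scopes or stronger roles that also reach it. The record shape (principalId, roleDefinitionId, scope) mirrors the role assignment above; the subscription, resource group, registry name and principal IDs are constructed sample values, and `auditAcrAccess` is a hypothetical helper name.

```typescript
// Built-in AcrPull role GUID, as used in the answer above.
const ACR_PULL = "7f951dda-4ed3-4680-a7ca-43fe172d538d";

interface Assignment { principalId: string; roleDefinitionId: string; scope: string; }

// Returns findings for one principal's access to one registry (empty = as intended).
function auditAcrAccess(assignments: Assignment[], kubeletId: string, registryId: string): string[] {
    const findings: string[] = [];
    const reg = registryId.toLowerCase(); // Azure resource IDs are case-insensitive
    let canPull = false;
    for (const a of assignments) {
        if (a.principalId !== kubeletId) continue;
        const role = (a.roleDefinitionId.split("/").pop() ?? "").toLowerCase();
        const scope = a.scope.toLowerCase().replace(/\/+$/, "");
        // A scope reaches the registry if it is the registry or one of its parents.
        const covers = reg === scope || reg.startsWith(scope + "/");
        if (!covers) continue;
        if (role === ACR_PULL) {
            canPull = true;
            if (scope !== reg) findings.push(`AcrPull granted at wider scope: ${a.scope}`);
        } else {
            findings.push(`role ${role} reaches the registry via ${a.scope}`);
        }
    }
    if (!canPull) findings.push("kubelet identity has no AcrPull on the registry");
    return findings;
}

// Constructed sample data (not taken from the page).
const SUB = "/subscriptions/00000000-0000-0000-0000-000000000000";
const ROLE = `${SUB}/providers/Microsoft.Authorization/roleDefinitions/`;
const REGISTRY = `${SUB}/resourceGroups/rg-demo/providers/Microsoft.ContainerRegistry/registries/demoacr`;
const KUBELET = "11111111-1111-1111-1111-111111111111";

const sample: Assignment[] = [
    // Intended grant: AcrPull on the registry only.
    { principalId: KUBELET, roleDefinitionId: ROLE + ACR_PULL, scope: REGISTRY },
    // Over-broad grant: built-in Contributor on the whole resource group.
    { principalId: KUBELET, roleDefinitionId: ROLE + "b24988ac-6180-42a0-ab88-20f7382dd24c",
      scope: `${SUB}/resourceGroups/rg-demo` },
    // A different principal; ignored by the audit.
    { principalId: "22222222-2222-2222-2222-222222222222", roleDefinitionId: ROLE + ACR_PULL, scope: SUB },
];

const sampleFindings = auditAcrAccess(sample, KUBELET, REGISTRY);
```

An empty result means the only access the kubelet identity has to the registry is AcrPull at the registry scope.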