Home > Software engineering >  How to use existing Container Registry when creating AKS cluster in Pulumi Azure Native
How to use existing Container Registry when creating AKS cluster in Pulumi Azure Native

Time:11-10

I created Azure Container Registry (ACR) and now need to create Managed Cluster (AKS). When we use Azure Portal or Azure CLI, we can integrate existing ACR. In Pulumi Azure Native, ManagedClusterArgs does not have any property to accept existing ACR.

How to attach already created ACR when creating Managed Cluster?

Or assigning AcrPull role to the automatically created User Assigned Managed Identity (<clsuter-name>-agentpool) will achieve the same?

CodePudding user response:

Yes, you need to assign AcrPull role to the cluster. Here is an example using a system-assigned managed identity:

const cluster = new containerservice.ManagedCluster("managedCluster", {
    // ...
    identity: {
        type: "SystemAssigned",
    },
});

const creds = containerservice.listManagedClusterUserCredentialsOutput({
    resourceGroupName: resourceGroup.name,
    resourceName: cluster.name,
});

const principalId = cluster.identityProfile.apply(p => p!["kubeletidentity"].objectId!);

// const registry = ...
// const subscriptionId = ...

const roleDefinitionId = `/subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d`;
const assignment = new azure_native.authorization.RoleAssignment("acr-pull", {
    properties: {
        principalId: principalId,
        roleDefinitionId: roleDefinitionId,
    },
    scope: registry.id,
});

Page link:https//www.codepudding.com/Softwareengineering/184975.html

Prev:EPSG:3857 coordinates system compatibility with Azure Maps
Next:How to incrementally load data from Azure Blob storage to Azure SQL Database using Data Factory?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding