I have created AKS Private Cluster using User Managed Identity.
And I have created ACR Separately which is created Publicly.
I want to Integrate ACR with my Private AKS cluster, I'm not sure which command to use ??
I have created AKS Private Cluster using User Managed Identity.
And I have created ACR Separately which is created Publicly.
I want to Integrate ACR with my Private AKS cluster, I'm not sure which command to use ??
@AnkitRathod-6794 , Thank you for your question.
If you are using Azure CLI:
Integrate an existing ACR with existing AKS clusters by supplying valid values for acr-name or acr-resource-id as below.
az aks update -n myAKSCluster -g myResourceGroup --attach-acr <acr-name>
or,
az aks update -n myAKSCluster -g myResourceGroup --attach-acr <acr-resource-id>
az aks update --attach-acr uses the permissions of the user running the command to create the role ACR assignment. This role is assigned to the kubelet managed identity. For more information on the AKS managed identities, see Summary of managed identities.If you are using Azure PowerShell:
Integrate an existing ACR with existing AKS clusters by supplying valid values for acr-name as below.
Set-AzAksCluster -Name myAKSCluster -ResourceGroupName myResourceGroup -AcrNameToAttach <acr-name>
Set-AzAksCluster -AcrNameToAttach uses the permissions of the user running the command to create the role ACR assignment. This role is assigned to the kubelet managed identity. For more information on the AKS managed identities, see Summary of managed identities.For more information please check this section.
Hope this helps.
Please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.
Thanks for your response,
But I'm still not able to understand what is the actual command to attach ACR(already created Manually) with Private AKS(already Created using Azure User Managed Identity) ??
as the above commands does not work ...
@AnkitRathod-6794 , can you please mention the error message you are getting with the aforementioned commands?
Im Running the below command. in powershell,
$kubletIdentityObjectId = az aks show --resource-group <rg_name> --name <Cluster_name> --qurey identityprofile.kubeletidentity.objectId --out tsv
$azureContainerRegistryId = az acr show --resource-group <rg_name> --name <CR_Name> --qurey id --out tsv
az role assignment create --role acrpull --assignee-object-id $kubletIdentityObjectId --scope $azureContainerRegistryId
It gives the below error
][1]
8 people are following this question.