question

AnkitRathod-6794 avatar image
0 Votes"
AnkitRathod-6794 asked AnkitRathod-6794 answered

Integrate ACR with AKS created using User Managed Identiy

I have created AKS Private Cluster using User Managed Identity.

And I have created ACR Separately which is created Publicly.

I want to Integrate ACR with my Private AKS cluster, I'm not sure which command to use ??

azure-kubernetes-serviceazure-managed-identityazure-container-registry
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

srbose-msft avatar image
0 Votes"
srbose-msft answered srbose-msft edited

@AnkitRathod-6794 , Thank you for your question.

If you are using Azure CLI:

Integrate an existing ACR with existing AKS clusters by supplying valid values for acr-name or acr-resource-id as below.

 az aks update -n myAKSCluster -g myResourceGroup --attach-acr <acr-name>

or,

 az aks update -n myAKSCluster -g myResourceGroup --attach-acr <acr-resource-id>
Running az aks update --attach-acr uses the permissions of the user running the command to create the role ACR assignment. This role is assigned to the kubelet managed identity. For more information on the AKS managed identities, see Summary of managed identities.

If you are using Azure PowerShell:

Integrate an existing ACR with existing AKS clusters by supplying valid values for acr-name as below.

 Set-AzAksCluster -Name myAKSCluster -ResourceGroupName myResourceGroup -AcrNameToAttach <acr-name>
Running Set-AzAksCluster -AcrNameToAttach uses the permissions of the user running the command to create the role ACR assignment. This role is assigned to the kubelet managed identity. For more information on the AKS managed identities, see Summary of managed identities.

For more information please check this section.


Hope this helps.

Please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnkitRathod-6794 avatar image
0 Votes"
AnkitRathod-6794 answered srbose-msft commented

Thanks for your response,

But I'm still not able to understand what is the actual command to attach ACR(already created Manually) with Private AKS(already Created using Azure User Managed Identity) ??

as the above commands does not work ...

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AnkitRathod-6794 , can you please mention the error message you are getting with the aforementioned commands?

0 Votes 0 ·
AnkitRathod-6794 avatar image
0 Votes"
AnkitRathod-6794 answered

Im Running the below command. in powershell,


$kubletIdentityObjectId = az aks show --resource-group <rg_name> --name <Cluster_name> --qurey identityprofile.kubeletidentity.objectId --out tsv

$azureContainerRegistryId = az acr show --resource-group <rg_name> --name <CR_Name> --qurey id --out tsv

az role assignment create --role acrpull --assignee-object-id $kubletIdentityObjectId --scope $azureContainerRegistryId


It gives the below error


![124185-image.png][1]



image.png (38.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.