从Azure Kubernetes Service使用Azure容器注册表进行身份验证时发出的问题
[英]Issue of while Authenticate with Azure Container Registry from Azure Kubernetes Service
问题描述
I created the Azure Kubernetes Service and Azure Container Registry using Azure Portal. 
我使用Azure门户创建了Azure Kubernetes服务和Azure容器注册表。 After that I am able to give the Grant AKS access to ACR, for that I used the below script: 之后,我可以授予Grant AKS访问ACR的权限,为此,我使用了以下脚本:
Login-AzureRmAccount
Set-AzureRmContext -SubscriptionID 'XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXX'
#Get the id of the service principal configured for AKS
$AKS_RESOURCE_GROUP = "DSEU2-AKSRES-SB-DEV-RGP-01"
$AKS_CLUSTER_NAME = "DSEU2-AKSRES-SB-DEV-AKS-01"
$CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)
# Get the ACR registry resource id
$ACR_NAME = "DSWEAKSRESSBDEVACR01"
$ACR_RESOURCE_GROUP = "DSWE-AKSRES-SB-DEV-RGP-01"
$ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)
#Create role assignment
az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID
Whenever I am running the above PowerShell script then I am getting the exception like shown in below figure. 每当我运行上述PowerShell脚本时,就会遇到如下图所示的异常。
For the above scenario I followed this documentation: Authenticate with Azure Container Registry from Azure Kubernetes Service 对于上述情况,我遵循此文档: 从Azure Kubernetes Service使用Azure容器注册表进行身份验证
1 个解决方案
解决方案1
1 已采纳 2018-08-13 08:14:33
For the command az role assignment create , the description for the argument with --assignee : 对于命令az role assignment create ,使用--assignee参数的描述:
Represent a user, group, or service principal.
But what you use is the resource Id of Azure Kubernetes cluster. 但是,您使用的是Azure Kubernetes群集的资源ID。 So you get the error. 所以你得到了错误。
And the link you posted, the document shows the secret in the yaml file and the secret created with the command kubectl create secret . 和您发布的链接一样,该文档在yaml文件中显示了密钥,以及使用命令kubectl create secret 。 The secret just be used for pulling the image from the Azure Container Registry. 该机密仅用于从Azure容器注册表中提取映像。
Update 更新
With the ERROR shows, the resource group could not be found, so you should check your resource group carefully. 在显示ERROR的情况下,找不到资源组,因此您应该仔细检查资源组。
And from your script, you use PowerShell command to log in and use CLI to execute. 然后从脚本中使用PowerShell命令登录并使用CLI执行。 I think the subscription will not be changed for CLI. 我认为CLI的订阅不会更改。 So you can check if you are in the correct subscription. 因此,您可以检查您是否在正确的订阅中。 PowerShell command will not change the Subscription for CLI. PowerShell命令将不会更改CLI订阅。
So I suggest the CLI command az account set --subscription . 因此,我建议使用CLI命令az account set --subscription 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.