使用PowerShell ARM Cmdlet授予AKS访问ACR的权限

Question

I am working on to authenticate with Azure Container Registry from Azure Kubernetes Service using PowerShell by following this link .

This is the code I run in the PowerShell.

#Sign in using Interactive Mode using your login credentials
az login

#Set the current azure subscription
az account set --subscription 'XXXXXXXXXXXXXXXXXXXXXXX'

#See your current azure subscription
#az account show

#Get the id of the service principal configured for AKS
$AKS_RESOURCE_GROUP = "XXXX-AKSRES-SB-DEV-RGP-01"
$AKS_CLUSTER_NAME = "XXXX-AKSRES-SB-DEV-AKS-01"
$CLIENT_ID=$(az aks show  --name $AKS_CLUSTER_NAME --resource-group       $AKS_RESOURCE_GROUP --query "servicePrincipalProfile.clientId" --output tsv)

# Get the ACR registry resource id
$ACR_NAME = "XXWEAKSRESSBDEVACR01"
$ACR_RESOURCE_GROUP = "XXWE-AKSRES-SB-DEV-RGP-01"
$ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)

#Create role assignment
az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID

The above code contains Azure CLI commands but I want to use PowerShell ARM cmdlets instead of Azure CLI commands.

Answer 1

You could try the command below, it works fine on my side.

Login-AzureRmAccount
Set-AzureRmContext -SubscriptionId "xxxxxxxxxxxxxxxxx"
#Get the id of the service principal configured for AKS
$aks = Get-AzureRmResource -ResourceGroupName "<ResourceGroupName>" -ResourceType Microsoft.ContainerService/managedClusters -ResourceName "<aksname>" -ApiVersion 2018-03-31
$clientid = $aks.properties.servicePrincipalProfile.clientId
#Get the ACR registry resource id
$acr = Get-AzureRmContainerRegistry -ResourceGroupName "<ResourceGroupName>" -Name "<ACRregistryname>" 
$resourceid = $acr.id
#Create role assignment
New-AzureRmRoleAssignment -ApplicationId $clientid -RoleDefinitionName "Reader" -Scope $resourceid