stackoom
  简体   繁体   中英

Issue of while Authenticate with Azure Container Registry from Azure Kubernetes Service

 原文  2018-08-13 06:35:36       azure/ powershell/ azure-container-registry/ azure-kubernetes

Question

I created the Azure Kubernetes Service and Azure Container Registry using Azure Portal. After that I am able to give the Grant AKS access to ACR, for that I used the below script: 

Login-AzureRmAccount
Set-AzureRmContext -SubscriptionID 'XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXX'
#Get the id of the service principal configured for AKS
$AKS_RESOURCE_GROUP = "DSEU2-AKSRES-SB-DEV-RGP-01"
$AKS_CLUSTER_NAME = "DSEU2-AKSRES-SB-DEV-AKS-01"
$CLIENT_ID=$(az aks show --resource-group $AKS_RESOURCE_GROUP --name     $AKS_CLUSTER_NAME --query "servicePrincipalProfile.clientId" --output tsv)

# Get the ACR registry resource id
$ACR_NAME = "DSWEAKSRESSBDEVACR01"
$ACR_RESOURCE_GROUP = "DSWE-AKSRES-SB-DEV-RGP-01"
$ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)

#Create role assignment
az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID

Whenever I am running the above PowerShell script then I am getting the exception like shown in below figure. 在此处输入图片说明

For the above scenario I followed this documentation: Authenticate with Azure Container Registry from Azure Kubernetes Service

1 answers

solution1
 1 ACCPTED  2018-08-13 08:14:33

For the command az role assignment create , the description for the argument with --assignee :

Represent a user, group, or service principal. supported format: object id, user sign-in name, or service principal name.

But what you use is the resource Id of Azure Kubernetes cluster. So you get the error.

And the link you posted, the document shows the secret in the yaml file and the secret created with the command kubectl create secret . The secret just be used for pulling the image from the Azure Container Registry.

Update

With the ERROR shows, the resource group could not be found, so you should check your resource group carefully.

And from your script, you use PowerShell command to log in and use CLI to execute. I think the subscription will not be changed for CLI. So you can check if you are in the correct subscription. PowerShell command will not change the Subscription for CLI. 在此处输入图片说明

So I suggest the CLI command az account set --subscription .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Kubernetes on Azure Container Service How to authenticate with Azure ACR from Azure container app service Azure App Service continuous deployment from Azure Container Registry Pull images from an Azure container registry to a Kubernetes cluster How do I authenticate using a managed identity from gitlab-ci to push a docker container from gitlab registry to Azure web service? Powershell + Azure App Service + Azure Container Registry Attach Azure Kubernetes Service (AKS) to Azure Container Registry (ACR) without being Subscription Owner Pull image Azure Container Registry - Kubernetes Pull azure container registry image in kubernetes helm How to authenticate with azure container registry using cert-based service principal
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM