使用PowerShell ARM Cmdlet授予AKS訪問ACR的權限

Question

我正在通過以下鏈接通過PowerShell使用Azure Kubernetes Service從Azure容器注冊表進行身份驗證。

這是我在PowerShell中運行的代碼。

#Sign in using Interactive Mode using your login credentials
az login

#Set the current azure subscription
az account set --subscription 'XXXXXXXXXXXXXXXXXXXXXXX'

#See your current azure subscription
#az account show

#Get the id of the service principal configured for AKS
$AKS_RESOURCE_GROUP = "XXXX-AKSRES-SB-DEV-RGP-01"
$AKS_CLUSTER_NAME = "XXXX-AKSRES-SB-DEV-AKS-01"
$CLIENT_ID=$(az aks show  --name $AKS_CLUSTER_NAME --resource-group       $AKS_RESOURCE_GROUP --query "servicePrincipalProfile.clientId" --output tsv)

# Get the ACR registry resource id
$ACR_NAME = "XXWEAKSRESSBDEVACR01"
$ACR_RESOURCE_GROUP = "XXWE-AKSRES-SB-DEV-RGP-01"
$ACR_ID=$(az acr show --name $ACR_NAME --resource-group $ACR_RESOURCE_GROUP --query "id" --output tsv)

#Create role assignment
az role assignment create --assignee $CLIENT_ID --role Reader --scope $ACR_ID

上面的代碼包含Azure CLI命令，但我想使用PowerShell ARM cmdlet代替Azure CLI命令。

Answer 1

您可以嘗試下面的命令，它對我而言很好用。

Login-AzureRmAccount
Set-AzureRmContext -SubscriptionId "xxxxxxxxxxxxxxxxx"
#Get the id of the service principal configured for AKS
$aks = Get-AzureRmResource -ResourceGroupName "<ResourceGroupName>" -ResourceType Microsoft.ContainerService/managedClusters -ResourceName "<aksname>" -ApiVersion 2018-03-31
$clientid = $aks.properties.servicePrincipalProfile.clientId
#Get the ACR registry resource id
$acr = Get-AzureRmContainerRegistry -ResourceGroupName "<ResourceGroupName>" -Name "<ACRregistryname>" 
$resourceid = $acr.id
#Create role assignment
New-AzureRmRoleAssignment -ApplicationId $clientid -RoleDefinitionName "Reader" -Scope $resourceid