https://pulumi.com logo
Powered by
Title
w

wooden-branch-26004

07/20/2020, 12:15 PM
Hello! I want to attach ACR repository to a new AKS cluster. I can do that via 
cli
 using 
--attach-acr <acr_name>
 (ex. 
az aks ... create --attach-acr <acr_name>
 ) . How can I do the same via Pulumi? I haven't found anything related to it in 
KubernetesCluster
 or 
KubernetesClusterArgs
 . Thanks!
b

better-rainbow-14549

07/20/2020, 12:49 PM
const acrRole = new azure.authorization.Assignment(`Cluster-${args.Name}-ACR-Role`, {
        principalId: ClusterServicePrincipal.id,
        scope: ContainerRegistry.id,
        roleDefinitionName: "AcrPull"
    });
i believe all it does is this -- grants AcrPull against the cluster's Service Principal
that's all we do and it certainly allows the cluster to pull images down
w

wooden-branch-26004

07/20/2020, 5:09 PM
Thank you! Will check it out!
Just checked, I don't have 
Service Principal
assigned. I'm using 
system-assigned managed identity
.
b

better-rainbow-14549

07/21/2020, 10:45 AM
hmm not sure then sorry, does anything like that get populated in the return object from new azureaks.cluster()
w

wooden-branch-26004

07/21/2020, 1:59 PM
Hmm.. Actually, I don't know if Azure returning any info about 
acr
when you create a cluster. I need to check. Thanks!
b

better-rainbow-14549

07/21/2020, 2:07 PM
sorry - I meant details of the identity the cluster runs as so that you could do the above but pointing something different. perhaps cluster.identity.principalId ?
i still think you'll have to manually add the role as the terraform backing the pulumi azure project doesnt seem to list anything to do with ACR
https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html#principal_id
w

wooden-branch-26004

07/21/2020, 2:42 PM
oh, I see. So, Pulumi uses terraform under the hood. I'll check the docs. Thanks!
3 Views
#azureJoin Slack
Powered by