https://pulumi.com logo
Join Slack
Powered by
Hello! I want to attach ACR repository to a new A...
# azure
w
Hello! I want to attach ACR repository to a new AKS cluster. I can do that via 
cli
 using 
--attach-acr <acr_name>
 (ex. 
az aks ... create --attach-acr <acr_name>
 ) . How can I do the same via Pulumi? I haven't found anything related to it in 
KubernetesCluster
 or 
KubernetesClusterArgs
 . Thanks!
b
Copy code
const acrRole = new azure.authorization.Assignment(`Cluster-${args.Name}-ACR-Role`, {
        principalId: ClusterServicePrincipal.id,
        scope: ContainerRegistry.id,
        roleDefinitionName: "AcrPull"
    });
i believe all it does is this -- grants AcrPull against the cluster's Service Principal
that's all we do and it certainly allows the cluster to pull images down
w
Thank you! Will check it out!
Just checked, I don't have 
Service Principal
assigned. I'm using 
system-assigned managed identity
.
b
hmm not sure then sorry, does anything like that get populated in the return object from new azureaks.cluster()
w
Hmm.. Actually, I don't know if Azure returning any info about 
acr
when you create a cluster. I need to check. Thanks!
b
sorry - I meant details of the identity the cluster runs as so that you could do the above but pointing something different. perhaps cluster.identity.principalId ?
i still think you'll have to manually add the role as the terraform backing the pulumi azure project doesnt seem to list anything to do with ACR
w
oh, I see. So, Pulumi uses terraform under the hood. I'll check the docs. Thanks!
3 Views
Open in Slack
PreviousNext
Powered by