In this article we will set up the Azure CLI to interact with AKS (Azure Kubernetes Service) and ACR (Azure Container Registry).
UI Console -> Azure Active Directory
App registrations -> New registration -> Name: container-admin -> Supported account types: Accounts in this organizational directory only -> Register
container-admin -> Certificates & secrets -> New client secret -> Description: azure-cli ; Expires: In 1 year -> Add -> Take note of the <Client secret value>
Search for (top left): Subscriptions -> Click your subscription -> Access control (IAM) -> Add -> Add role assignment -> Role: Azure Kubernetes Service Cluster Admin Role -> Assign access to: Azure AD user, group, or service principal -> Select: (search for) container-admin -> Save
Azure Active Directory -> App registrations -> container-admin -> Overview -> Take note of the <Application (client) ID> and <Directory (tenant) ID>
$ [[ ! -d ~/.azure ]] && mkdir ~/.azure
(Replace <Application (client) ID>, <Client secret value> and <Directory (tenant) ID> below):
$ cat << "EOF" > ~/.azure/credentials
> [container-admin]
> application_id=<Application (client) ID>
> client_secret=<Client secret value>
> directory_id=<Directory (tenant) ID>
> EOF
$ chmod 600 ~/.azure/credentials
Add a function to your shell startup file (~/.bashrc) that parses the above file for the service principal's login details and runs az login in a sub-shell when you execute it (ensure the output shows your Subscription):
$ cat << 'EOF' >> ~/.bashrc
>
> function az-login-sp() {
>   (export $(grep -v '^\[' "$HOME/.azure/credentials" | xargs) && az login --service-principal -u "$application_id" -p "$client_secret" --tenant "$directory_id")
> }
> EOF
$ . ~/.bashrc
$ az-login-sp
Ensure you get appropriate output (the value will be []):
$ az aks list
Ensure you get appropriate output (the value will be []):
$ az acr list
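A stricter variant of the az-login-sp helper above, as an added example that is not part of the original article: it refuses a credentials file that group or others can access, reads only the three expected keys from the chosen profile section, and keeps them inside a sub-shell. The function names and the AZ_CREDS_FILE override are assumptions made for this example.

```shell
# Added example, not from the original article. Assumes the
# ~/.azure/credentials layout shown above; all function names are hypothetical.

# Succeed only for a regular, non-symlink file with no group/other permissions.
creds_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;    # e.g. -rw-------
        *)           return 1 ;;
    esac
}

# Print the value of key $3 from section [$2] of file $1 (non-zero if absent).
# Everything after the first '=' is the value, so secrets may contain '=',
# spaces or '$' without being word-split or evaluated by the shell.
creds_get() {
    awk -v section="[$2]" -v key="$3" '
        /^\[/ { in_section = ($0 == section); next }
        in_section {
            i = index($0, "=")
            if (i && substr($0, 1, i - 1) == key) {
                print substr($0, i + 1); found = 1; exit
            }
        }
        END { exit !found }
    ' "$1"
}

# Usage: az_login_sp [profile]   (profile defaults to container-admin)
# The ( ... ) body runs in a sub-shell, so the secret never stays in the
# interactive shell's variables. AZ_CREDS_FILE is a hypothetical override.
az_login_sp() (
    file="${AZ_CREDS_FILE:-$HOME/.azure/credentials}"
    profile="${1:-container-admin}"
    creds_file_is_private "$file" ||
        { echo "refusing $file: run chmod 600 on it" >&2; exit 1; }
    app_id=$(creds_get "$file" "$profile" application_id) &&
    secret=$(creds_get "$file" "$profile" client_secret) &&
    tenant=$(creds_get "$file" "$profile" directory_id) ||
        { echo "profile [$profile] is incomplete in $file" >&2; exit 1; }
    az login --service-principal -u "$app_id" -p "$secret" --tenant "$tenant"
)
```

While az runs, the value passed with -p is still part of its argument list, the same as in the original function.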