Azure – Configure the CLI in the Development Environment for Containerization

In this article we will setup the Azure CLI to interact with AWS AKS (Azure Kubernetes Service) and Azure ACR (Azure Container Registry)).

–>
UI Console -> Azure Active Directory
App registrations -> New registration -> * Name: container-admin -> Supported account types: Accounts in this organizational directory only -> Register

container-admin -> Certificates & secrets -> New client secret -> Description: azure-cli ; Expires: In 1 year -> Add -> Take note of the <Client secret value>

Search for (top left): Subscriptions -> Click your subscription -> Access control (IAM) -> Add -> Add role assignment -> Role: Azure Kubernetes Service Cluster Admin Role -> Assign access to: Azure AD user, group, or service principal -> Select: (search for) container-admin -> Save

Azure Active Directory -> App registrations -> container-admin -> Overview -> Take note of the <Application (client) ID> and <Directory (tenant) ID>

 $ [[ ! -d ~/.azure ]] && mkdir ~/.azure

(Replace <Application (client) ID>, <Client secret value> and <Directory (tenant) ID> below):

$ cat << "EOF" > ~/.azure/credentials
> [container-admin]
> application_id=<Application (client) ID>
> client_secret=<Client secret value>
> directory_id=<Directory (tenant) ID>
> EOF
$ chmod o-rw,g-w ~/.azure/credentials

Add a function in to your startup to parse the above file for pertinent login information as a servicePrincipal and run az login in a sub-shell when you execute it (ensure you get pertinent output regarding the Subscription):

$ cat << 'EOF' >> ~/.bashrc
>
> function az-login-sp() {
>         (export $(grep -v '^\[' $HOME/.azure/credentials | xargs) && az login --service-principal -u $application_id -p $client_secret --tenant $directory_id)
> }
> EOF
$ . ~/.bashrc
$ az-login-sp

Ensure you get appropriate output (the value will be []):

$ az aks list

Ensure you get appropriate output (the value will be []):

$ az acr list

<–

References: