In this article we will setup the Azure CLI to interact with AWS AKS (Azure Kubernetes Service) and Azure ACR (Azure Container Registry)).

–>
UI Console -> Azure Active Directory
App registrations -> New registration -> * Name: container-admin -> Supported account types: Accounts in this organizational directory only -> Register

container-admin -> Certificates & secrets -> New client secret -> Description: azure-cli ; Expires: In 1 year -> Add -> Take note of the <Client secret value>

Search for (top left): Subscriptions -> Click your subscription -> Access control (IAM) -> Add -> Add role assignment -> Role: Azure Kubernetes Service Cluster Admin Role -> Assign access to: Azure AD user, group, or service principal -> Select: (search for) container-admin -> Save

Azure Active Directory -> App registrations -> container-admin -> Overview -> Take note of the <Application (client) ID> and <Directory (tenant) ID>

 $ [[ ! -d ~/.azure ]] && mkdir ~/.azure

(Replace <Application (client) ID>, <Client secret value> and <Directory (tenant) ID> below):

$ cat << "EOF" > ~/.azure/credentials
> [container-admin]
> application_id=<Application (client) ID>
> client_secret=<Client secret value>
> directory_id=<Directory (tenant) ID>
> EOF
$ chmod o-rw,g-w ~/.azure/credentials

Add a function in to your startup to parse the above file for pertinent login information as a servicePrincipal and run az login in a sub-shell when you execute it (ensure you get pertinent output regarding the Subscription):

$ cat << 'EOF' >> ~/.bashrc
>
> function az-login-sp() {
>         (export $(grep -v '^\[' $HOME/.azure/credentials | xargs) && az login --service-principal -u $application_id -p $client_secret --tenant $directory_id)
> }
> EOF
$ . ~/.bashrc
$ az-login-sp

Ensure you get appropriate output (the value will be []):

$ az aks list

Ensure you get appropriate output (the value will be []):

$ az acr list

<–

References: