使用服务主体从AKS进行ACR身份验证 [英] Authentication with ACR from AKS with Service Principal
问题描述
一般情况下,我们使用ACR ID和AKS客户端ID(AKS的服务主体ID)进行角色分配,以访问ACR并提取图像,通常我习惯于 检查并验证天气kubernetes能够从acr查看kubernetes提取图像
部署仪表板并确认认证成功,这样做,我不能浪费时间通过检查我的部署仪表板验证天气角色分配认证是否成功第一次部署后。
Hi ,
In general , we do role assignment with ACR ID and AKS Client ID (Service Principal id of AKS) to have access to ACR and pull images , and usually i used to check and verify weather kubernetes able to pull images from acr looking at kubernetes
deployment dashboard and confirm authenticaiton is successful , doing this all time , i cannot waste my time to verify weather role-assignment authentication is successful by checking my deployment dashboard after the first deployment.
 问:如何确认并验证并确保ACR和AKS的身份验证成功, 我的意思是在角色分配之后如何确保它成功,在部署之后?我如何通过命令
line和Portal检查这一点?
Q. How can i confirm and verify and make sure authentication with ACR and AKS is successful , i mean after role assignment how can i make sure it is successfull , wihtout and after deployment ? And how can i check this through command line and Portal ?
请帮助我,我已经对此进行了2天的研究,我做了'但是要获得精确的解决方案。
Please help me with this , i have did research on this for 2 days , i did't get precise solution though.
推荐答案
从门户网站,如果您选择容器注册表 - >访问控制您可以查看对您的注册表具有权限的所有应用程序等。
From the portal, if you select your Container Registry -> Access Control you can see all applications, etc that have permissions to your registry.
如果您使用自动生成的SP作为在本文档中
If you are using the auto generated SP as in this doc
https: //docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-aks
然后你应该能够列出角色分配使用az角色分配列表
Then you should be able to list the role assignments using az role assignment list
这样你可以检查它是否已成功创建。话虽这么说,我找不到任何测试验证类型的命令。所以你仍然需要从AKS测试ACR的认证,以便100%确认。
That way you can check that it was created successfully. That being said, I do not find any test authentication type of commands. So you would still need to test the authentication to ACR from AKS in order to 100% confirm.
这篇关于使用服务主体从AKS进行ACR身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!