Azure golang SDK - Assign AcrPull role to AKS cluster
php editor Xinyi introduces to you an important function in Azure golang SDK: assigning the AcrPull role to the AKS cluster. This feature can help developers manage and use container images more conveniently on the Azure cloud platform. By using the golang SDK, developers can easily assign the AcrPull role to the AKS cluster, thereby enabling the function of pulling and using private container images in the cluster. This not only improves the efficiency of developing and deploying containerized applications, but also enhances security and controllability, providing developers with a better user experience.
Question content
After creating the AKS cluster and ACR, I now try to programmatically grant the AcrPull role to the AKS cluster.
Currently I'm trying to do this using the RoleAssignmentsClient.Create() function from the golang SDK.
Here's what I've tried so far:
<code>AcrPullDefinitionID := "/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d"
// pulled that ^ off of: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#acrpull
providerNamespace := "/providers/Microsoft.ContainerService/managedClusters/"
scope := "/subscriptions/" + subscriptionID + "/resourceGroups/" + resourceGroupName + providerNamespace + resourceName
res, err := raClient.Create(ctx, scope, roleAssigmentName, armauthorization.RoleAssignmentCreateParameters{
Properties: &armauthorization.RoleAssignmentProperties{
PrincipalID: to.Ptr(clientID),
PrincipalType: to.Ptr(armauthorization.PrincipalTypeServicePrincipal),
RoleDefinitionID: to.Ptr("/subscriptions/" + subscriptionID + AcrPullDefinitionID),
},
}, nil)
</code>When I make the call with the above values, I get the following error:
for resource: {AKSClusterName} of type: /providers/Microsoft.ContainerService/managedClusters/
Unable to create roleAssignment: PUT https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourceGroup}/providers/Microsoft.ContainerService/managedClusters/{AKSClusterName}/providers/Microsoft.Authorization/roleAssignments/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d
--------------------------------------------------------------------------------
RESPONSE 405: 405 Method Not Allowed
ERROR CODE UNAVAILABLE
--------------------------------------------------------------------------------
{
"message": "The requested resource does not support http method 'PUT'."
}
--------------------------------------------------------------------------------I'm not sure if this is a conceptual misunderstanding or if I'm just using the API incorrectly.
Any and all help would be greatly appreciated. Thanks!
Solution
The range you are pointing to appears to be incorrect. When applying RBAC permissions, you need to set the scope to the resource to which the RBAC policy applies.
So if you are applying an RBAC policy for your AKS cluster to have AcrPull permissions, the scope should be set to the resource ID of the Azure Container Registry.
The above is the detailed content of Azure golang SDK - Assign AcrPull role to AKS cluster. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to install Snap on Debian 12
Mar 20, 2024 pm 08:51 PM
Snap is an external package manager designed for Linux systems that provides you with a convenient way to install containerized applications. Snap allows you to easily download and install packages without worrying about installing additional dependencies. The manager automatically resolves the dependencies required by the package, ensuring that the package runs smoothly on your system. Snap complements the native apt package manager, giving you another option for installing and running applications on your system. In this guide, you will find a complete guide on how to install Snap on Debian12. Outline: How to install Snap on Debian12 How to find package availability on Snap How to find information about packages on Snap
How to debug docker-compose? Where is the configuration path set?
Feb 10, 2024 pm 12:48 PM
I'm trying to debug docker-compose, this Go file, to solve some problem (this). To do this, I set up a GoLang debugger gorunmain.go-f/.../project_root/docker-compose.yml-f/.../project_root/folder1/docker-compose.ymlconfig's output is as expected, merged Configuration files. For some reason I can't find the configuration files set in the code, although they must be set somewhere because the output is the correctly merged configuration files. I suspect they must be set
What languages does pycharm support?
Apr 18, 2024 am 10:57 AM
Programming languages supported by PyCharm include: Python (main supported language) JavaScript (including Node.js and React) HTML/CSSTypeScriptJavaC/C++GoSQLDockerKotlinRust
6 Best Linux Distributions for Network Engineers
Feb 05, 2024 pm 05:20 PM
As a network engineer, when considering installing Linux for your job, you may be faced with a question: Of the thousands of Linux distributions available, which one should you choose? Don't worry, you're not alone. Linux is a common operating system of choice for network engineers, and there are many distributions suitable for network-related tasks. If you are a network engineer, you may want to know which distributions provide the best functionality for your work. The following are six excellent Linux distributions that are widely recommended by network engineers: 1. Fedora Among the many Linux distributions, Fedora is one of the most respected among network engineers, and the reason is simple. Fedora is an open source distribution equivalent to Red Hat Enterprise
What are the application fields of Go language development?
Apr 03, 2024 am 11:33 AM
The Go language is used in the following fields: back-end development (microservices, distributed systems) cloud computing (cloud native applications, containerized applications) data processing (data analysis, big data engines) networks and distributed systems (proxy servers, distribution cache) system tools (operating system, utilities)
Five selected Go language open source projects to take you to explore the technology world
Jan 30, 2024 am 09:08 AM
In today's era of rapid technological development, programming languages are springing up like mushrooms after a rain. One of the languages that has attracted much attention is the Go language, which is loved by many developers for its simplicity, efficiency, concurrency safety and other features. The Go language is known for its strong ecosystem with many excellent open source projects. This article will introduce five selected Go language open source projects and lead readers to explore the world of Go language open source projects. KubernetesKubernetes is an open source container orchestration engine for automated
The wide application of Linux in the field of cloud computing
Mar 20, 2024 pm 04:51 PM
The wide application of Linux in the field of cloud computing With the continuous development and popularization of cloud computing technology, Linux, as an open source operating system, plays an important role in the field of cloud computing. Due to its stability, security and flexibility, Linux systems are widely used in various cloud computing platforms and services, providing a solid foundation for the development of cloud computing technology. This article will introduce the wide range of applications of Linux in the field of cloud computing and give specific code examples. 1. Application virtualization technology of Linux in cloud computing platform Virtualization technology
Image from ECR to EKS not working as the resulting Pod is always 0/2
Feb 08, 2024 pm 10:39 PM
I've tried almost everything to get things on the right path but still can't get my pod to be in a usable state. So I have a basic application written in go. I created an image of my program using dockerbuild --tagdocker-gs-ping. Then I tried running the same command inside the container dockerrun --publish8080:8080docker-gs-ping and then I wanted to save my image to amazonecr, for which I Created a repository in ecr. Now, after creating the repository, I tagged the images that exist in my local. docker
