You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the auto-generated service principal to authenticate to the Azure Container Registry.
What should you create?
An Azure AD role assignment is the correct choice because it grants permissions to the service principal associated with the AKS cluster. When you create an AKS cluster, a service principal is automatically generated to support the cluster's operations, which includes accessing other Azure resources such as Azure Container Registry (ACR). To enable the AKS cluster to pull images from ACR, you need to assign the appropriate role to the service principal so it has the necessary permissions. This is achieved by creating an Azure AD role assignment that links the service principal with the required access role to the ACR.
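As an added example (not part of the original page), the following audits whether a cluster's service principal can pull from a registry and flags grants broader than needed. It assumes role assignments exported in the shape of `az role assignment list` output; all IDs, the resource group and the registry name are constructed sample values.

```python
import json

# Built-in roles that include image pull on a registry; AcrPull is the narrowest.
PULL_ROLES = {"AcrPull", "AcrPush", "Reader", "Contributor", "Owner"}

# Constructed sample in the shape of `az role assignment list --all` output.
# principalId is the service principal's object ID, not its client (app) ID.
ACR_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
          "/providers/Microsoft.ContainerRegistry/registries/demoacr")
RG_ID = ACR_ID.split("/providers/")[0]
AKS_SP = "11111111-1111-1111-1111-111111111111"
SAMPLE = json.dumps([
    {"principalId": AKS_SP, "roleDefinitionName": "AcrPull", "scope": ACR_ID},
    {"principalId": AKS_SP, "roleDefinitionName": "Contributor", "scope": RG_ID},
    {"principalId": AKS_SP, "roleDefinitionName": "AcrPull", "scope": ACR_ID + "2"},
    {"principalId": "22222222-2222-2222-2222-222222222222",
     "roleDefinitionName": "Network Contributor", "scope": RG_ID},
])

def scope_covers(scope, resource_id):
    """True if an assignment made at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    # Compare on a path-segment boundary so 'demoacr' does not match 'demoacr2'.
    return r == s or r.startswith(s + "/")

def audit_pull_access(assignments, principal_id, acr_id):
    """Return (can_pull, findings) for one principal against one registry."""
    can_pull, findings = False, []
    for a in assignments:
        if a["principalId"].lower() != principal_id.lower():
            continue
        role, scope = a["roleDefinitionName"], a["scope"]
        if role not in PULL_ROLES or not scope_covers(scope, acr_id):
            continue
        can_pull = True
        exact_scope = scope.rstrip("/").lower() == acr_id.rstrip("/").lower()
        if role != "AcrPull" or not exact_scope:
            findings.append(f"{role} at {scope}: broader than AcrPull on the registry")
    if not can_pull:
        findings.append("no role assignment lets this principal pull from the registry")
    return can_pull, findings

if __name__ == "__main__":
    print(audit_pull_access(json.loads(SAMPLE), AKS_SP, ACR_ID))
```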
1. When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure resources. 2. This service principal can already authenticate to AAD (since it was created in AAD). 3. But it needs RBAC permissions on the ACR registry to pull images. To do so, you need to create an Azure AD role assignment that grants the cluster's service principal access to the container registry.
Perfectly explained. Thanks!
B for sure. (Azure AD) role assignment
Azure AD role assignment is the closest answer but is wrong. It would be an Azure role. Not Azure AD role.
1. When you create an AKS cluster, Azure also creates a service principal to support cluster operations with other Azure resources. 2. This service principal can already authenticate to AAD (since it was created in AAD by Azure). 3. But it needs RBAC permissions on the ACR registry to pull images. 4. To do so, you need to create an Azure AD role assignment that grants the cluster's service principal access to the container registry.
# IN EXAM - 31/8/2021
The given answer is the most reasonable among the choices.
B is correct answer.
Well, what makes me confused is the word used in this question. Azure role assignment is different from Azure AD role assignment. Why does the service principal need an Azure AD role assignment? https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#service-principal https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#authentication-options https://docs.microsoft.com/en-us/azure/container-registry/authenticate-kubernetes-options https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
Correct. This is a duplicate question of Q1 topic3. Slightly different wording but the same.
Given answer is correct. The service principal must be assigned at least the Reader role on the ACR for deploying to ACI or AKS.
There is one more question in the bank, in topic1 question 20. I think here we need to assign RBAC, not an Azure AD role.
B. an Azure Active Directory (Azure AD) role assignment
Thank you for the explanation DeepMoon. The answer is: Azure AD role assignment
B. an Azure Active Directory (Azure AD) role assignment
You need to create an Azure AD role assignment that grants the cluster's service principal access to the container registry. Answer is correct.
Repeat question I believe, I wish I remembered the other question. I think it was the same "role assignment" answer though.
b is correct