crossplane-contrib / provider-upjet-azure

Official Azure Provider for Crossplane by Upbound.
Apache License 2.0

Request for `attach-acr` option for `containerservice.azure.upbound.io` resource #774

Open santhoshbhandari3008 opened 3 months ago

santhoshbhandari3008 commented 3 months ago

What resource do you need?

Terraform Resource Name:

--attach-acr

What is your use case?

I am trying to set up a secure Kubernetes cluster with Azure Container Registry. There is an option to attach the registry to the Kubernetes cluster from the API, but we are missing that option in our code. Are there any limitations for attaching the container registry from Crossplane/Terraform? As I can see the option from the Azure client.

knutejohKLP commented 3 months ago

Have you looked at the Terraform documentation? https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry#example-usage-attaching-a-container-registry-to-a-kubernetes-cluster So basically you just create a role binding to the ACR for the generated identity for the cluster.

illrill commented 2 months ago

@knutejohKLP is right. The only thing that --attach-acr does is to grant the Kubelet identity the AcrPull role on the ACR. A workaround is to do that yourself with a RoleAssignment MR (it can be done asynchronously, i.e. doesn't need to happen at cluster creation).
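
The workaround described in the comments above, sketched as a Crossplane manifest. This is an added example, not posted by any participant in the thread and not taken from the provider's own examples. The resource name, the `default` provider config and every value in angle brackets are placeholders to replace.

```yaml
# RoleAssignment managed resource granting the AKS kubelet identity pull-only
# access to one registry, which is what `--attach-acr` does according to the
# thread. Angle-bracket values are placeholders, not real identifiers.
apiVersion: authorization.azure.upbound.io/v1beta1
kind: RoleAssignment
metadata:
  name: aks-kubelet-acrpull            # hypothetical name
spec:
  forProvider:
    # Object ID of the cluster's kubelet managed identity (the value the
    # linked Terraform example reads from kubelet_identity[0].object_id).
    # This is the identity the nodes use to pull images, not the cluster's
    # control-plane identity.
    principalId: "<kubelet-identity-object-id>"
    # Built-in Azure role that allows image pulls only (no push, no delete).
    roleDefinitionName: AcrPull
    # Scope the assignment to the single registry rather than to its
    # resource group or subscription, so the nodes gain no access to
    # other registries or resources.
    scope: "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ContainerRegistry/registries/<registry-name>"
  providerConfigRef:
    name: default                      # assumed ProviderConfig name
```

Because the assignment is its own resource, it can be applied after the cluster exists, and deleting it revokes the cluster's pull access without touching the cluster or the registry.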