Home » Microsoft » AZ-400 v.2 » Which three commands should you recommend be run in sequence?
DRAG DROP
You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.
You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enabled and uses a custom service principal.
Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Explanation/Reference:
Explanation:
Step 1 : az acr create
An Azure Container Registry (ACR) can also be created using the new Azure CLI. az acr create
–name <REGISTRY_NAME>
–resource-group <RESOURCE_GROUP_NAME>
–sku Basic
Step 2: az ad sp create-for-rbac
Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or you create a Service Principal (sp) which will provide a client_id and a client_secret. az ad sp create-for-rbac
–scopes /subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RG_NAME>/providers/Microsoft.ContainerRegistry/registries/<REGISTRY_NAME>
–role Contributor
–name <SERVICE_PRINCIPAL_NAME>
Step 3: kubectl create
Create a new Kubernetes Secret. kubectl create secret docker-registry <SECRET_NAME>
–docker-server <REGISTRY_NAME>.azurecr.io
–docker-email <YOUR_MAIL>
–docker-username=<SERVICE_PRINCIPAL_ID>
–docker-password <YOUR_PASSWORD>
References:
https://thorsten-hans.com/how-to-use-private-azure-container-registry-with-kubernetes
Based on this documentation: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli
az ad sp create-for-rbac
az aks create \
az role assignment create