updates aks bicepf or acr pull role

Azure · Jun 11, 2024 · 9fe1c00 · 9fe1c00
1 parent ae50ab0
commit 9fe1c00
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/dev-infrastructure/modules/aks-cluster-base.bicep b/dev-infrastructure/modules/aks-cluster-base.bicep
@@ -49,6 +49,11 @@ var networkContributorRoleId = subscriptionResourceId(
   '4d97b98b-1d4f-4787-a291-c67834d212e7'
 )
 
+var acrPullRoleDefinitionId = subscriptionResourceId(
+  'Microsoft.Authorization/roleDefinitions',
+  '7f951dda-4ed3-4680-a7ca-43fe172d538d'
+)
+
 // Main
 // Tags the subscription
 resource subscriptionTags 'Microsoft.Resources/tags@2024-03-01' = {
@@ -333,6 +338,15 @@ resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-01-01' = {
   }
 }
 
+resource acrPullRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(resourceGroup().id, aksCluster.id, acrPullRoleDefinitionId)
+  properties: {
+    principalId: aksCluster.properties.identityProfile.kubeletidentity.objectId
+    roleDefinitionId: acrPullRoleDefinitionId
+    principalType: 'ServicePrincipal'
+  }
+}
+
 resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = [
   for wi in workloadIdentities: {
     location: location