
How to attach a second ACR to my AKS cluster?


The document describes how to attach an ACR to an existing AKS cluster: https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration

  • How do I attach a second ACR to my AKS cluster?
  • The ACR has a different subscription.

Attach the first ACR:

    az account set --subscription acr-subscription
    $ACR_ID = $(az acr show --name $ACRName  --resource-group $ACRResourceGroupName --query "id" --output tsv)
    az account set --subscription aks-subscription
    az aks update --name cluster-name --resource-group cluster-resource --attach-acr $ACR_ID


Solution

  • Based on this Stack Overflow question, this should work as long as your ID is in the right format.

    echo $(az acr show --name $name --resource-group $resourcegroup --query "id" --output tsv)
    

    returns the right format and value.

    The code associated with --attach-acr simply adds the acrpull IAM role to the ACR resource using the identity_profile ID associated with the Kubernetes cluster.

    https://github.com/Azure/azure-cli/blob/a9fe6167381b53dac19a3007f726adf27b64f28b/src/azure-cli/azure/cli/command_modules/acs/custom.py#L559

    There is nowhere in the code where it checks if another ACR was previously attached to the AKS resource. Therefore, it should be able to set the role assignment directly for multiple instances.

    This should work properly:

    az account set --subscription acr-subscription
    $ACR_ID = $(az acr show --name $ACRName  --resource-group $ACRResourceGroupName --query "id" --output tsv)
    
    az account set --subscription acr2-subscription
    $ACR2_ID = $(az acr show --name $ACR2Name  --resource-group $ACR2ResourceGroupName --query "id" --output tsv)
    
    az account set --subscription aks-subscription
    az aks update --name cluster-name --resource-group cluster-resource --attach-acr $ACR_ID
    az aks update --name cluster-name --resource-group cluster-resource --attach-acr $ACR2_ID
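
Since attaching is just a role assignment per registry, the result can be checked by listing the roles the cluster's kubelet identity holds at each registry scope. The following is an added example, not part of the original answer; it assumes a managed-identity cluster, reuses `$ACR_ID` and `$ACR2_ID` from the commands above, and the function name `Test-AcrPullAssignment` is hypothetical.

```powershell
# Added example: confirm the kubelet identity has AcrPull on every attached registry,
# and surface any broader role it holds there (least-privilege check).
function Test-AcrPullAssignment {
    param(
        [Parameter(Mandatory)] [string]   $KubeletObjectId,
        [Parameter(Mandatory)] [string[]] $AcrIds
    )
    foreach ($acrId in $AcrIds) {
        # A registry resource ID has the form
        # /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ContainerRegistry/registries/<name>
        $parts = $acrId -split '/'
        if ($parts.Count -lt 9 -or $parts[1] -ne 'subscriptions') {
            Write-Warning "Not a full resource ID: '$acrId'"
            continue
        }
        # Query in the registry's own subscription, taken from the ID,
        # so the check also works when the ACR lives in a different subscription.
        $roles = az role assignment list `
            --assignee $KubeletObjectId `
            --scope $acrId `
            --subscription $parts[2] `
            --query "[].roleDefinitionName" --output tsv

        [pscustomobject]@{
            Registry     = $parts[-1]
            Subscription = $parts[2]
            HasAcrPull   = @($roles) -contains 'AcrPull'
            OtherRoles   = @($roles | Where-Object { $_ -ne 'AcrPull' }) -join ','
        }
    }
}

az account set --subscription aks-subscription
# Object ID of the kubelet managed identity (assumption: the cluster uses managed identity)
$kubeletId = az aks show --name cluster-name --resource-group cluster-resource `
    --query "identityProfile.kubeletidentity.objectId" --output tsv

Test-AcrPullAssignment -KubeletObjectId $kubeletId -AcrIds $ACR_ID, $ACR2_ID | Format-Table
```

A row with `HasAcrPull` set to `False` means the attach did not take effect for that registry; a non-empty `OtherRoles` column shows the identity has more than pull access there.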