Azure – Register An Application in AD and Generate App Password

How to guide, in Azure register an application in AD and generate app password

In the Azure portal, browse to Azure Active Directory > App Registrations

New Registration

Enter Application details and account types

Next Click > Certificates & Secrets > New client secret

Enter description and Expirey > Click Add

Make sure to copy the value. You can then sign in as the application with the App ID and value.

Azure – Create Kubernetes Cluster with ACR Integration

How to create a Kubernetes Cluster with ACR Integration and Service Principal Authentication.

Create Kubernetes Cluster, Select the Kubernetes Services Blade> Cloud Shell

You will be prompted for storage if not already configured

Type “az” to use Azure CLI

Run script from Microsoft docs here

Create a new AKS cluster with ACR integration. If you haven’t got a service principal created, skip to the next section before creating the AKS cluster

# set this to the name of your Azure Container Registry. It must be globally unique

$MYACR=myContainerRegistry

# Run the following line to create an Azure Container Registry if you do not already have one

az acr create -n
$MYACR -g myContainerRegistryResourceGroup –sku basic

# Create an AKS cluster with ACR integration

az aks create -n myAKSCluster -g myResourceGroup –generate-ssh-keys –attach-acr
$MYACR

To configure Registry authentication service principals – MS doc guide to create Service Principal, (script is formatted for the Bash shell)

Create a service Principal

#!/bin/bash
# Modify for your environment.
# ACR_NAME: The name of your Azure Container Registry
# SERVICE_PRINCIPAL_NAME: Must be unique within your AD tenant
ACR_NAME=<container-registry-name>
SERVICE_PRINCIPAL_NAME=acr-service-principal
# Obtain the full registry ID for subsequent command args
ACR_REGISTRY_ID=$(az acr show --name
				$ACR_NAME --query id --output tsv)
# Create the service principal with rights scoped to the registry.
# Default permissions are for docker pull access. Modify the '--role'
# argument value as desired:
# acrpull:     pull only
# acrpush:     push and pull
# owner:       push, pull, and assign roles
SP_PASSWD=$(az
				ad
				sp create-for-rbac --name http://$SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --role acrpull --query password --output tsv)
SP_APP_ID=$(az
				ad
				sp
				show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)
# Output the service principal's credentials; use these in your services and
# applications to authenticate to the container registry.
echo "Service principal ID: $SP_APP_ID"
echo "Service principal password: $SP_PASSWD"

The author does not verify any of the scripts are test and everything should be done in Dev only.