Authenticate Azure Kubernetes Service (AKS) Cluster with Azure Container Registry

Use the Automatically Generated Service Principal for Authentication

Question

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

Answers

Explanations

A. B. C. D.

B

https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

To use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry, you need to create a role assignment.

Here's why:

When you create an AKS cluster in Azure, it automatically creates a service principal that represents the cluster. This service principal is used to authenticate the cluster to other Azure services, including the Azure Container Registry.

The Azure Container Registry supports several authentication methods, including service principals. To use the service principal for AKS to authenticate to the registry, you need to grant the service principal the appropriate permissions. You can do this by creating a role assignment that gives the service principal access to the registry.

Role assignments are used to grant permissions to Azure resources. They consist of a role definition (which specifies the permissions) and a security principal (which is granted those permissions). In this case, the security principal is the service principal for the AKS cluster, and the role definition should be one that allows the service principal to pull images from the container registry.

Therefore, the correct answer is B, a role assignment. You do not need to create a secret in Azure Key Vault, an Azure AD user, or an Azure AD group to authenticate the AKS cluster to the Azure Container Registry.
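
The role assignment described above can be created with the Azure CLI. This is an added example, not part of the original page. The resource group, cluster and registry names are placeholders, and the built-in `AcrPull` role, scoped to the single registry, is an assumption about which pull-only role definition to use.

```bash
#!/usr/bin/env bash
# Added example: give an AKS cluster's service principal pull-only access to
# one Azure Container Registry. All resource names passed in are placeholders.

# Print the client ID of the service principal the cluster runs as.
aks_sp_client_id() {   # $1 = resource group, $2 = cluster name
  az aks show --resource-group "$1" --name "$2" \
    --query servicePrincipalProfile.clientId --output tsv
}

# Print the registry's resource ID; it becomes the role assignment scope.
acr_resource_id() {    # $1 = resource group, $2 = registry name
  az acr show --resource-group "$1" --name "$2" --query id --output tsv
}

# Create the role assignment: security principal = cluster service principal,
# role definition = AcrPull, scope = this registry only (not the subscription).
grant_acr_pull() {     # $1 = AKS RG, $2 = cluster, $3 = ACR RG, $4 = registry
  sp_id=$(aks_sp_client_id "$1" "$2") || return 1
  acr_id=$(acr_resource_id "$3" "$4") || return 1
  # Clusters that use a managed identity report "msi" instead of an app ID.
  if [ -z "$sp_id" ] || [ "$sp_id" = "msi" ]; then
    echo "cluster $2 has no service principal to assign a role to" >&2
    return 1
  fi
  if [ -z "$acr_id" ]; then
    echo "registry $4 not found in resource group $3" >&2
    return 1
  fi
  az role assignment create --assignee "$sp_id" --role AcrPull \
    --scope "$acr_id" >/dev/null || return 1
  echo "AcrPull granted to $sp_id on $acr_id"
}

# List the role names the principal holds at the registry scope, to confirm
# that nothing broader than AcrPull was assigned there.
roles_on_registry() {  # $1 = service principal client ID, $2 = registry ID
  az role assignment list --assignee "$1" --scope "$2" \
    --query "[].roleDefinitionName" --output tsv
}

# Usage (placeholder names):
#   grant_acr_pull myResourceGroup myAKSCluster myResourceGroup myRegistry
```

Scoping the assignment to the registry's resource ID, rather than to the resource group or subscription, keeps the cluster's identity from reading images in other registries.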