Question 126 of 296 from exam AZ-400: Designing and Implementing Microsoft DevOps Solutions

Question 126 of 296 from exam AZ-400: Designing and Implementing Microsoft DevOps Solutions

Prev Question Next Question

Question

DRAG DROP -

You plan to use Azure Kubernetes Service (AKS) to host containers deployed from images hosted in a Docker Trusted Registry.

You need to recommend a solution for provisioning and connecting to AKS. The solution must ensure that AKS is RBAC-enabled and uses a custom service principal.

Which three commands should you recommend be run in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

Select and Place:

Explanations

Step 1 : az acr create -

An Azure Container Registry (ACR) can also be created using the new Azure CLI. az acr create

--name <REGISTRY_NAME>

--resource-group <RESOURCE_GROUP_NAME>

--sku Basic

Step 2: az ad sp create-for-rbac

Once the ACR has been provisioned, you can either enable administrative access (which is okay for testing) or you create a Service Principal (sp) which will provide a client_id and a client_secret. az ad sp create-for-rbac

--scopes /subscriptions/<SUBSCRIPTION_ID>/resourcegroups/<RG_NAME>/providers/Microsoft.ContainerRegistry/registries/<REGISTRY_NAME>

--role Contributor

--name <SERVICE_PRINCIPAL_NAME>

Step 3: kubectl create -

Create a new Kubernetes Secret.

kubectl create secret docker-registry <SECRET_NAME>

--docker-server <REGISTRY_NAME>.azurecr.io

--docker-email <YOUR_MAIL>

--docker-username=<SERVICE_PRINCIPAL_ID>

--docker-password <YOUR_PASSWORD>

https://thorsten-hans.com/how-to-use-private-azure-container-registry-with-kubernetes
Prev Question Next Question