how to view attached ACR in AKS clusters in Azure
I am afraid you cannot see the attached ACR in the cluster UI portal.
When you attached the ACR to the AKS cluster using az aks update --attach-acr command.
It just assigned the ACR's AcrPull role to the service principal associated to the AKS Cluster. See here for more information.
You can get the service principal which associated to the AKS Cluster by command az aks list
See below screenshot. The AcrPull role was assigned to the service principal associated to the AKS Cluster.
If you want to use Azure CLI to check which ACR is attached to the AKS cluster. You can list all the ACRs. And then loop through the ACRs to check which one has assigned the AcrPull role to the AKS service principal. See below example:
# list all the ACR and get the ACR idaz acr listaz role assignment list --assignee <Aks service principal ID> --scope <ACR ID>
Actually, the parameter --attach-acr in the command just grant the role ACRPull to the service principal of the AKS. There is no difference from before. You only can see the service principal of the AKS. Currently, the CLI command az role assignment list cannot get the ACR directly if you do not know the ACR scope already. But you can get the principal ID first like this:
az aks show --resource-group groupName --name aksName --query identityProfile.kubeletidentity.objectIdAnd then use the CLI command to get the resource Id of the ACR:
az rest --method get --uri "https://management.azure.com/subscriptions/{subscription_id}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01" --uri-parameters "\$filter=principalId eq 'objectId'" --query "value[0].properties.scope"If you know the ACR resource Id, I think you know which ACR attached to the AKS clearly.
The az aks check-acr command checks if a certain ACR is available from a specific AKS.
You have to provide both the ACR and AKS as argument, so this is not good for discovery.
You can build a small script around this that queries multiple subscriptions for their registered ACRs (you cannot pass multiple subscription argument to az acr list --subscription, you have to query the Subscriptions one-by-one), build an aggregated table of the ACRs then pass those values in a loop to az aks check-acr.