diff --git a/infra/azure/terraform/capz/identities/main.tf b/infra/azure/terraform/capz/identities/main.tf
index 37504cf9645..1facb2a88bf 100644
--- a/infra/azure/terraform/capz/identities/main.tf
+++ b/infra/azure/terraform/capz/identities/main.tf
@@ -22,6 +22,10 @@ variable "location" {
   type = string
 }
 
+variable "container_registry_private_scope" {
+  type = string
+}
+
 resource "azurerm_user_assigned_identity" "cloud_provider_user_identity" {
   name = "cloud-provider-user-identity"
   location = var.location
@@ -40,6 +44,12 @@ resource "azurerm_user_assigned_identity" "gmsa_user_identity" {
   resource_group_name = var.resource_group_name
 }
 
+resource "azurerm_role_assignment" "acr_pull_private" {
+  principal_id = azurerm_user_assigned_identity.cloud_provider_user_identity.principal_id
+  role_definition_name = "AcrPull"
+  scope = var.container_registry_private_scope
+}
+
 output "cloud_provider_user_identity_id" {
   value = azurerm_user_assigned_identity.cloud_provider_user_identity.principal_id
 }
diff --git a/infra/azure/terraform/capz/main.tf b/infra/azure/terraform/capz/main.tf
index 7a4c16de0e3..ff0ebdc019e 100644
--- a/infra/azure/terraform/capz/main.tf
+++ b/infra/azure/terraform/capz/main.tf
@@ -88,6 +88,7 @@ module "identities" {
   source = "./identities"
   resource_group_name = var.resource_group_name
   location = var.location
+  container_registry_private_scope = module.container_registry.e2eprivate_registry_id
 
   depends_on = [azurerm_resource_group.capz_ci]
 }
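Review bot: The new `azurerm_role_assignment.acr_pull_private` binds a principal that is created in the same apply (`cloud_provider_user_identity.principal_id`), and role assignments against a just-created identity can fail with a principal-not-found error because the directory has not yet replicated the new object; adding `skip_service_principal_aad_check = true` (and, where the provider version supports it, `principal_type = "ServicePrincipal"`) makes the assignment robust on first apply. The grant itself is appropriately narrow: `AcrPull` is read-only for images and is scoped to a single registry rather than the subscription or resource group. It is not visible here whether `cloud_provider_user_identity` is also the identity the nodes use to pull images; if the kubelet runs under a different identity, the pull permission should be granted to that one instead. The `container_registry_private_scope` variable added in the first hunk has no `description`; a one-liner such as `description = "Resource ID of the private ACR that the cloud-provider identity is allowed to pull from"` would make the expected value (a full resource ID, not a login server or registry name) explicit to callers.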
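Review bot: The value passed on the new line, `module.container_registry.e2eprivate_registry_id`, is consumed as the `scope` of a role assignment, so it must be the registry's full Azure resource ID; the `container_registry` module is not in this diff, and the output name alone does not confirm that it is the `id` attribute rather than a name or login server, so please verify that output. Passing this module output also creates an implicit dependency on the registry module in addition to the explicit `depends_on` on `azurerm_resource_group.capz_ci`, which is fine but worth noting for anyone reasoning about apply ordering. A short comment on the new line, such as `# grants AcrPull on the private e2e registry to the cloud-provider identity`, would tie the wiring to the role assignment it enables.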