From 4e32147abaecafabae9509f571b10563d80af5b6 Mon Sep 17 00:00:00 2001
From: Deli Liu <deli.liu@hexagon.com>
Date: Thu, 25 Nov 2021 09:12:39 +0800
Subject: [PATCH] save

---
 deploy/k8s/helm/allrelated.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/deploy/k8s/helm/allrelated.sh b/deploy/k8s/helm/allrelated.sh
index 937fc6803..75a109846 100644
--- a/deploy/k8s/helm/allrelated.sh
+++ b/deploy/k8s/helm/allrelated.sh
@@ -115,8 +115,14 @@ kubectl apply -f sql-service1.yaml
 
 helm uninstall $(helm ls --filter eshop -q) --dry-run
 
+# https://github.com/dotnet-architecture/eShopOnContainers/issues/1513
 #azure devops pipeline
 # https://github.com/dotnet-architecture/eShopOnContainers/tree/main/build/azure-devops
+#https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml
+#  Project settings > Service connections.
+# Select + New service connection, select the type of service connection that you need, and then select Next.
+# create a new docker Registry service heigooRegistry with other docker registry option
+# using service principal id and password username/password: 7a304605-08fa-47e2-adea-49d529dcabc4/kv59J2RHiknv-v_uLzQIj37_zHjvX4QgZc
 
 
 
@@ -149,7 +155,32 @@ helm uninstall $(helm ls --filter eshop -q) --dry-run
 
 
 
+####service principle
+#!/bin/bash
+# This script requires Azure CLI version 2.25.0 or later. Check version with `az --version`.
 
+# Modify for your environment.
+# ACR_NAME: The name of your Azure Container Registry
+# SERVICE_PRINCIPAL_NAME: Must be unique within your AD tenant
+ACR_NAME=heigoo
+SERVICE_PRINCIPAL_NAME=acr-service-principal
+
+# Obtain the full registry ID for subsequent command args
+ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query "id" --output tsv)
+
+# Create the service principal with rights scoped to the registry.
+# Default permissions are for docker pull access. Modify the '--role'
+# argument value as desired:
+# acrpull:     pull only
+# acrpush:     push and pull
+# owner:       push, pull, and assign roles
+PASSWORD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --role acrpush --query "password" --output tsv)
+USER_NAME=$(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query "[].appId" --output tsv)
+
+# Output the service principal's credentials; use these in your services and
+# applications to authenticate to the container registry.
+echo "Service principal ID: $USER_NAME"
+echo "Service principal password: $PASSWORD"