What is the PowerShell equivalent to az acr login - azure

Using PowerShell, how do we log in to Azure Container Registry? The sample provided is only for Azure CLI:
az acr login --name <acrName>

Connect-AzContainerRegistry -Name MyContainerRegistry
Microsoft Docs
Available as part of the official Az PowerShell module. Note that the older AzureRM module does not include this functionality.

There is no single PowerShell command to log in to Azure Container Registry. If you want to use PowerShell to log in, we should get the admin credentials for the registry first and run docker login to log in.
You could refer to the command below.
$creds = Get-AzureRmContainerRegistryCredential -Registry $registry
$creds.Password | docker login $registry.LoginServer -u $creds.Username --password-stdin
For more details, refer to this article.

Related

microsoft.containerregistry/registries' could not be found in subscription

I am getting the error while I try to attach the Azure Container Registry to the AKS using Visual Studio
Syntax:
az aks update --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --attach-acr $ACR_NAME
Error:
microsoft.containerregistry/registries' could not be found in subscription
I have logged into the correct subscription and also set the correct subscription:
az login --tenant $TENANT_ID
az account set --subscription $SUBSCRIPTION
az acr list also shows me the ACR that is created.
Any possible solution for this?
Tested in my environment, it is working fine for me. The error you are getting is because you are looking into the wrong subscription. When you use the CLI command az login, you log in with a default subscription. For you, it seems the "Some Other subscription" is the default. You should check if your registry is in the current subscription. If not, you should set that subscription as the current subscription through the CLI command:
az account set --subscription subscription_id
Now I would suggest you check if the registry exists in the current subscription with the CLI command:
az acr show -n acr_name
Also, you can set the subscription at login time with the parameter --subscription of the CLI command az login.
Reference: az acr - Unable to find repository in case of multiple subscription on single account

Azure Subscription can't be found when I sign into Azure via Dockerized env

I have a strange situation where I use a local PowerShell script in my Visual Studio project that logs in using a service principal and then is able to associate a specific subscription.
#login with service principal
az login --service-principal --username $APPLICATION_CLIENT_ID --password $SECRET --tenant $TENANT --allow-no-subscriptions
#set the subscription we want to use
az account set --subscription $SUBSCRIPTION_ID
And I'm able to create resource groups etc. once I've picked the right subscription.
Now I need to do the same thing in a Dockerized environment.
admins:~ admin$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9e507c6639a1 mcr.microsoft.com/dotnet/core/sdk:3.1 "bash" 2 days ago Up 2 days adoring_goodall
I log in to the container and I run these commands:
curl -sL https://aka.ms/InstallAzureCLIDeb | bash
apt-get install curl && curl -sL https://deb.nodesource.com/setup_12.x | bash -
apt-get install nodejs
npm install -g azure-functions-core-tools@3 --unsafe-perm true
az login --service-principal -u $APPLICATION_ID -p $SECRET --tenant $TENANT_ID --allow-no-subscriptions
This works just fine. The output I get back from the login is identical to the output from my local workstation via PowerShell.
PS /usr/share/powershell> az login --service-principal --username $AZ_APPLICATION_CLIENT_ID --password $AZ_SECRET --tenant $TENANT --allow-no-subscriptions
{
"cloudName": "AzureCloud",
"id": "<tenantId>",
"isDefault": true,
"name": "N/A(tenant level account)",
"state": "Enabled",
"tenantId": "<tenantID>",
"user": {
"name": "<ApplicationClientID>",
"type": "servicePrincipal"
}
}
But when I try to associate the subscription, I get the following error message:
The subscription of '<subscription ID>' doesn't exist in cloud 'AzureCloud'
I've even gone ahead and installed PowerShell on the Docker container just so I can copy and paste from my local PS script into the Docker env. But I'm getting the same results.
Any tips?
Edit 1
In the Docker container, I ran "az login" and went ahead and authenticated my "device" at https://microsoft.com/devicelogin
Once I did that, all the commands listed above in my question started working the same way in the Docker environment as they do on the actual local workstation.
I thought the idea behind creating a service principal was to avoid the "interactive" steps needed to use the az CLI. How can I set things up so that when I deploy my Azure function app via a script, it can run unattended? I want to be able to use Dockerized containers to deploy this app to different Azure tenants (dev, QA and production).
Going back to the drawing board / reading the docs to see what I missed, but any suggestions would be appreciated.
Thanks.
As far as I know, the output of the command az login --service-principal --username $AZ_APPLICATION_CLIENT_ID --password $AZ_SECRET --tenant $TENANT --allow-no-subscriptions also includes the subscription ID like "id": "<subscriptionId>" instead of "id": "<tenantId>" in your output. You can show the default subscription with the command az account show.
I found that there are two variables, $APPLICATION_CLIENT_ID and $APPLICATION_ID, in your question. Not sure whether you have a typo or are using the wrong variable there. Please make sure you input the correct subscription ID value when you run az account set -s <subscriptionId>, and check the other parameter values by echoing the environment variable values.
You can also get a list of subscriptions for the logged-in account with the command az account list and check if the subscription ID does exist in the specific tenant.
Lastly, you may need to re-auth the CLI with az login. Or, by comparing the Az CLI version with your local workstation, you may need to reinstall or upgrade it.
Edit
You can verify if the service principal indeed belongs to the subscription. Search the display name of App registration in the IAM of subscriptions.
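A pre-flight check for the situation in this thread, added here as an example and not taken from the original posts: it inspects the JSON printed by az account list and reports whether the target subscription is visible before az account set is attempted. The function name Test-AzSubscriptionVisible and every ID in the sample JSON are constructed for illustration.

```powershell
# Added example, not from the original posts. Input is the JSON text printed by
# `az account list --output json` after the service-principal login.
function Test-AzSubscriptionVisible {
    param(
        [Parameter(Mandatory)][string]$AccountListJson,
        [Parameter(Mandatory)][string]$SubscriptionId
    )
    $accounts = $AccountListJson | ConvertFrom-Json

    # With --allow-no-subscriptions, a login that sees no subscription yields a
    # tenant-level entry whose "id" is the tenant ID, as in the output shown above.
    $real  = @($accounts | Where-Object { $_.id -ne $_.tenantId })
    $match = @($real | Where-Object { $_.id -eq $SubscriptionId })  # -eq ignores case

    [pscustomobject]@{
        Visible         = ($match.Count -gt 0)
        TenantLevelOnly = ($real.Count -eq 0)
        VisibleIds      = @($real | ForEach-Object { $_.id })
    }
}

# Constructed sample: a tenant-level account like the one in the question.
$sample = @'
[{"cloudName":"AzureCloud","id":"11111111-1111-1111-1111-111111111111",
  "isDefault":true,"name":"N/A(tenant level account)","state":"Enabled",
  "tenantId":"11111111-1111-1111-1111-111111111111",
  "user":{"name":"22222222-2222-2222-2222-222222222222","type":"servicePrincipal"}}]
'@
$wanted = '33333333-3333-3333-3333-333333333333'   # constructed subscription ID

$check = Test-AzSubscriptionVisible -AccountListJson $sample -SubscriptionId $wanted
if ($check.Visible) {
    Write-Host "Subscription $wanted is visible; az account set should succeed."
} elseif ($check.TenantLevelOnly) {
    Write-Warning "Tenant-level login only: check the service principal's role assignments in the subscription's IAM."
} else {
    Write-Warning "Subscription $wanted not visible. Visible: $($check.VisibleIds -join ', ')"
}
```

In a deployment script, pass the live output instead of the sample: `(az account list --output json) -join "`n"`.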

az devops login inside docker container

As per the docs from Microsoft, a PAT can be used for az devops login as below:
cat my_pat_token.txt | az devops login --organization https://dev.azure.com/contoso/
However, the same thing does not work inside a Docker container.
Here is my Dockerfile:
FROM mcr.microsoft.com/azure-cli:latest
RUN az config set extension.use_dynamic_install=yes_without_prompt
COPY my_pat_token.txt .
RUN cat my_pat_token.txt | az devops login --organization https://dev.azure.com/contoso/
I get the below error message:
WARNING: Unable to use secure credential store in this environment.
WARNING: Please refer to alternate methods at https://aka.ms/azure-devops-cli-auth

Azure CLI cannot connect to the Docker Daemon

I'm new to Kubernetes and Azure. I want to deploy my application and I am following the Microsoft tutorial about Kubernetes. First I created the resource group and ACR instance. When I try to log in to ACR, the console shows this error:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
I'm using Azure CLI locally and I have Docker running.
You can try the below options to connect to ACR:
Run az acr login first with the --expose-token parameter. This option exposes an access token instead of logging in through the Docker CLI.
az acr login --name <acrName> --expose-token
Output displays the access token, abbreviated here:
{
"accessToken": "eyJhbGciOiJSUzI1NiIs[...]24V7wA",
"loginServer": "myregistry.azurecr.io"
}
For registry authentication, we recommend that you store the token credential in a safe location and follow recommended practices to manage docker login credentials. For example, store the token value in an environment variable:
TOKEN=$(az acr login --name <acrName> --expose-token --output tsv --query accessToken)
Then, run docker login, passing 00000000-0000-0000-0000-000000000000 as the username and using the access token as password:
docker login myregistry.azurecr.io --username 00000000-0000-0000-0000-000000000000 --password $TOKEN
You will get the below prompt if you follow the above method:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
Seems your Docker Desktop is not running. Make sure you installed Docker Desktop on your machine, and start it if it is not running. You should be good once you start it.

Push Docker image into Azure Container Registry repository using PowerShell

I am trying to push a Docker image into an Azure Container Registry repository using a PowerShell command as follows:
docker push containerregone.azurecr.io/azure-vote-front:V1
It gives me the following error:
unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
I have tried to find help related to this using the following documentation:
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-faq
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication
But it gives Azure CLI commands.
I have also tried to do this using the following link:
https://stackoverflow.com/questions/50817945/what-is-the-powershell-equivalent-to-az-acr-login#:~:text=There%20is%20no%20single%20powershell,docker%20login%20to%20log%20in.
But they are using docker login. I don't have docker login.
My question:
How can we accomplish this using PowerShell without docker login?
I'm afraid you cannot accomplish that using PowerShell without the command docker login. Let's take a look at the command for the ACR credential.
When you use the CLI command az acr login with the ACR directly without a Docker daemon running, you will get an error similar to this:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
It means the CLI command az acr login depends on the Docker server. When you run the CLI command az acr login --expose-token as the document shows, it just exposes the access token of the ACR without logging in to Docker. You also need to log in to Docker yourself. You can see the details here.
As for PowerShell for ACR, the only command is the one to get the ACR credential: Get-AzContainerRegistryCredential. But it only gets the passwords for you. It's not the access token, nor will it log in for you.
So, if you want to use a PowerShell command to get the ACR credential, then you also need to log in yourself with the docker command.
Before pushing to or pulling from Azure, you need to log in first with the Azure CLI:
az login
az acr login -n your-registry
or with Docker:
docker login your-registry.azurecr.io
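The token flow described in the answers above (az acr login --expose-token followed by docker login), written as a PowerShell function that passes the token on stdin, as the Docker warning quoted earlier recommends, rather than with --password. This is an added example, not code from the original posts; the function name Connect-AcrWithToken and the registry name in the usage comment are hypothetical.

```powershell
# Added example, not from the original posts. Assumes the Azure CLI and Docker CLI
# are on PATH, `az login` has already been run, and the Docker daemon is running.
function Connect-AcrWithToken {
    [CmdletBinding()]
    param(
        # Registry name without the .azurecr.io suffix (5-50 alphanumeric characters).
        [Parameter(Mandatory)]
        [ValidatePattern('^[a-zA-Z0-9]{5,50}$')]
        [string]$RegistryName
    )

    # --expose-token prints JSON with accessToken and loginServer instead of
    # logging in through the Docker CLI.
    $lines = az acr login --name $RegistryName --expose-token --output json
    if ($LASTEXITCODE -ne 0 -or -not $lines) {
        throw "az acr login --expose-token failed for '$RegistryName'."
    }
    $result = ($lines -join "`n") | ConvertFrom-Json
    if ([string]::IsNullOrWhiteSpace($result.accessToken)) {
        throw "No access token returned for '$RegistryName'."
    }

    # Token logins use the fixed all-zero GUID as the username. The token is piped
    # to stdin, so it is not exposed in the docker process's command line.
    $user = '00000000-0000-0000-0000-000000000000'
    $result.accessToken |
        docker login $result.loginServer --username $user --password-stdin |
        Out-Host    # keep docker's "Login Succeeded" out of the return value
    if ($LASTEXITCODE -ne 0) {
        throw "docker login failed for '$($result.loginServer)'."
    }

    $result.loginServer
}

# Usage (registry name is a placeholder; the image tag is the one from the question):
# $server = Connect-AcrWithToken -RegistryName myregistry
# docker push "$server/azure-vote-front:V1"
```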
