Azure Insights: AKS cluster deployments; AD Connect bug fix; Validating Terraform code

User Review
0 (0 votes)

Microsoft Azure pros share their insights on AKS cluster deployments with managed identity, a new AD Connect bug fix and validating Terraform code during a pull request.

Deploying an AKS cluster with managed identity

Daniel Neumann, writing on Daniel’s Tech Blog described a recent experience updating a Terraform AKS module, switching from Azure Active Directory service principal to managed identity while simultaneously switching from AD v1 to v2, which is managed. In its latest round of updates, Microsoft added improvements such as private cluster support, managed control plane SKU tier support, Windows node pool support, node labels support and a parameterized add-on profile section.

For users, the big benefit of the shift to managed identity is less regular credential support. He shared code samples to give fellow users a sense of what to expect when deploying the new module. Users should be aware that RBAC role assignment for managed identity is different than with service principal. He wrote:

For the necessary permissions on the Virtual Network subnet you use the AKS cluster managed identity. Allowing the AKS cluster to pull images from your Azure Container Registry you use another managed identity that got created for all node pools called kubelet identity. Beside that when you enable the add-ons Azure Monitor for containers and Azure Policy for AKS, each add-on gets its own managed identity.

Looking into AD Connect version

FREE Membership Required to View Full Content:

Become a MemberLogin

Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates. 
Learn more about us here