Azure Kubernetes Service (AKS) with Bring-Your-Own Identity (BYOID)

# register for the Kubelet identity feature
- az feature register --namespace Microsoft.ContainerService -n CustomKubeletIdentityPreview
# check the registering status
- az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/CustomKubeletIdentityPreview')].{Name:name,State:properties.state}"
# register AKS resource provider
- az provider register --namespace Microsoft.ContainerService
# create a resource group
- az group create -n RG-BYOIDAKS -l westus2
# create a user-assigned MI for the control plane and note down the resource ID
- az identity create --name jonwcontrolplaneid -g RG-BYOIDAKS
# create a separate user-assigned MI for the kubelet and note down the resource ID (keep it distinct from the control plane MI: pods can reach the node's MI through IMDS, so this one should carry the fewest rights possible)
- az identity create --name jonwkubeletid -g RG-BYOIDAKS
# create a virtual network and subnet (the VNet must be named, since the subnet resource ID used below refers to VNet-BYOIDAKS) and note down the subnet resource ID
- az network vnet create -g RG-BYOIDAKS -n VNet-BYOIDAKS --address-prefix 10.0.0.0/8 --subnet-name Subnet-BYOIDAKS --subnet-prefix 10.0.0.0/16
# create an AKS cluster with the 2 user-assigned MIs. Prerequisites: the control plane MI needs Network Contributor on the subnet (custom VNet) and Managed Identity Operator on the kubelet MI, since it attaches the kubelet MI to the node pool VMSS; az aks create tries to create the latter role assignment for you, and if your account cannot assign roles you must pre-create it before running this command
- az aks create \
-g RG-BYOIDAKS \
-n jonwbyoidaks \
--network-plugin azure \
--vnet-subnet-id /subscriptions/xxx/resourceGroups/RG-BYOIDAKS/providers/Microsoft.Network/virtualNetworks/VNet-BYOIDAKS/subnets/Subnet-BYOIDAKS \
--docker-bridge-address 172.17.0.1/16 \
--dns-service-ip 10.2.0.10 \
--service-cidr 10.2.0.0/24 \
--enable-managed-identity \
--assign-identity /subscriptions/xxx/resourcegroups/RG-BYOIDAKS/providers/Microsoft.ManagedIdentity/userAssignedIdentities/jonwcontrolplaneid \
--assign-kubelet-identity /subscriptions/xxx/resourcegroups/RG-BYOIDAKS/providers/Microsoft.ManagedIdentity/userAssignedIdentities/jonwkubeletid
# check AKS identity details: "controlPlane" should list jonwcontrolplaneid under userAssignedIdentities and "kubelet" should show jonwkubeletid as resourceId, i.e. two different MIs
- az aks show -g RG-BYOIDAKS -n jonwbyoidaks --query "{controlPlane:identity, kubelet:identityProfile.kubeletidentity}" -o json
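The reason to split the two identities is that every pod on a node can request tokens for the node's managed identity from IMDS (169.254.169.254) unless egress to it is blocked, so whatever the kubelet MI can do, a compromised workload can do. The script below is an added example, not part of the original post: it takes the JSON from `az aks show ... -o json` and from `az role assignment list --all --assignee <kubelet clientId> -o json`, confirms the cluster uses the two pre-created MIs and that they are distinct, and flags any role assignment on the kubelet MI outside an allow-list. The allow-list (AcrPull on one registry in RG-BYOIDAKS), the registry name jonwacr, the GUIDs and both sample documents are assumptions constructed for the example; "xxx" stands in for the subscription ID exactly as it does in the commands above.

```python
"""Post-provisioning check for an AKS cluster built with bring-your-own identities.

Real use:  python3 byoid_check.py aks.json assignments.json
where the files come from
  az aks show -g RG-BYOIDAKS -n jonwbyoidaks -o json
  az role assignment list --all --assignee <kubelet clientId> -o json
Without arguments it runs against the constructed SAMPLE_* documents below,
which only mirror the shape of that output (assumption, not captured data).
"""
import json
import sys

# Identities from the procedure above ("xxx" stands in for the subscription ID).
CONTROL_PLANE_ID = ("/subscriptions/xxx/resourcegroups/RG-BYOIDAKS/providers/"
                    "Microsoft.ManagedIdentity/userAssignedIdentities/jonwcontrolplaneid")
KUBELET_ID = ("/subscriptions/xxx/resourcegroups/RG-BYOIDAKS/providers/"
              "Microsoft.ManagedIdentity/userAssignedIdentities/jonwkubeletid")

# Assumption: nodes only need to pull images from one ACR inside the cluster's
# resource group, so that is the entire allow-list for the kubelet MI.
KUBELET_ALLOWED_ROLES = {"AcrPull"}
KUBELET_ALLOWED_SCOPE_PREFIX = "/subscriptions/xxx/resourceGroups/RG-BYOIDAKS/"

# Constructed sample of 'az aks show' output for a correctly configured cluster.
SAMPLE_AKS_SHOW = {
    "name": "jonwbyoidaks",
    "identity": {
        "type": "UserAssigned",
        "userAssignedIdentities": {
            CONTROL_PLANE_ID: {"clientId": "11111111-1111-1111-1111-111111111111",
                               "principalId": "22222222-2222-2222-2222-222222222222"}
        },
    },
    "identityProfile": {
        "kubeletidentity": {
            "clientId": "33333333-3333-3333-3333-333333333333",
            "objectId": "44444444-4444-4444-4444-444444444444",
            "resourceId": KUBELET_ID,
        }
    },
}

# Constructed sample of the failure mode: one MI used for both roles.
SAMPLE_AKS_SHOW_SHARED = {
    "name": "jonwbyoidaks",
    "identity": SAMPLE_AKS_SHOW["identity"],
    "identityProfile": {"kubeletidentity": {"resourceId": CONTROL_PLANE_ID}},
}

# Constructed sample of 'az role assignment list' for the kubelet MI: one
# legitimate AcrPull and one Contributor at subscription scope that must be flagged.
SAMPLE_ROLE_ASSIGNMENTS = [
    {"roleDefinitionName": "AcrPull",
     "scope": KUBELET_ALLOWED_SCOPE_PREFIX
              + "providers/Microsoft.ContainerRegistry/registries/jonwacr"},
    {"roleDefinitionName": "Contributor", "scope": "/subscriptions/xxx"},
]


def _norm(resource_id):
    """ARM resource IDs are case-insensitive ('resourcegroups' vs 'resourceGroups')."""
    return (resource_id or "").lower()


def check_cluster_identities(aks, control_plane_id, kubelet_id):
    """Return findings (empty list = OK) for the identity block of 'az aks show'."""
    findings = []
    identity = aks.get("identity") or {}
    if identity.get("type") != "UserAssigned":
        findings.append(f"control plane identity type is {identity.get('type')!r}, "
                        "expected 'UserAssigned'")
    assigned = {_norm(k) for k in (identity.get("userAssignedIdentities") or {})}
    if _norm(control_plane_id) not in assigned:
        findings.append("control plane is not using the expected user-assigned MI")
    kubelet = (aks.get("identityProfile") or {}).get("kubeletidentity") or {}
    actual = _norm(kubelet.get("resourceId"))
    if actual != _norm(kubelet_id):
        findings.append(f"kubelet identity is {kubelet.get('resourceId')!r}, "
                        "expected the pre-created kubelet MI")
    if actual and actual in assigned:
        # Anything on the node can mint tokens for this MI via IMDS.
        findings.append("kubelet and control plane share one MI; nodes hold control plane rights")
    return findings


def check_kubelet_role_assignments(assignments, allowed_roles, allowed_scope_prefix):
    """Flag kubelet MI role assignments outside the allow-list or at a broader scope."""
    findings = []
    for a in assignments:
        role, scope = a.get("roleDefinitionName"), a.get("scope", "")
        if role not in allowed_roles:
            findings.append(f"unexpected role {role!r} on kubelet MI at scope {scope}")
        elif not (_norm(scope) + "/").startswith(_norm(allowed_scope_prefix)):
            findings.append(f"{role} granted at overly broad scope {scope}")
    return findings


def audit(aks, assignments):
    """Run both checks on already-parsed JSON and return every finding."""
    return (check_cluster_identities(aks, CONTROL_PLANE_ID, KUBELET_ID)
            + check_kubelet_role_assignments(assignments, KUBELET_ALLOWED_ROLES,
                                             KUBELET_ALLOWED_SCOPE_PREFIX))


if __name__ == "__main__":
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            aks_doc, ra_doc = json.load(f1), json.load(f2)
    else:
        aks_doc, ra_doc = SAMPLE_AKS_SHOW, SAMPLE_ROLE_ASSIGNMENTS
    for finding in audit(aks_doc, ra_doc):
        print("FINDING:", finding)
```

Run it after `az aks create` finishes and again whenever someone "fixes" an image-pull or provisioning error by adding a role: the allow-list is the thing to update deliberately, not the kubelet MI.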

Learning new things about Kubernetes every day. Hopefully, the learning notes could help people on the same journey!

Jonathan