Azure Insights: AKS cluster deployments; AD Connect bug fix; Validating Terraform code

August 7 2020

Microsoft Azure pros share their insights on AKS cluster deployments with managed identity, a new AD Connect bug fix and validating Terraform code during a pull request.

Deploying an AKS cluster with managed identity

Daniel Neumann, writing on Daniel's Tech Blog, described a recent experience updating a Terraform AKS module, switching from an Azure Active Directory service principal to managed identity while simultaneously moving from the Azure AD integration v1 to the managed v2 integration. In its latest round of updates, Microsoft added improvements such as private cluster support, managed control plane SKU tier support, Windows node pool support, node label support and a parameterized add-on profile section.

For users, the big benefit of the shift to managed identity is less regular credential upkeep. He shared code samples to give fellow users a sense of what to expect when deploying the new module. Users should be aware that RBAC role assignment for managed identity is different from that for a service principal. He wrote:

For the necessary permissions on the Virtual Network subnet you use the AKS cluster managed identity. To allow the AKS cluster to pull images from your Azure Container Registry, you use another managed identity that was created for all node pools, called the kubelet identity. Besides that, when you enable the add-ons Azure Monitor for containers and Azure Policy for AKS, each add-on gets its own managed identity.
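As an added example (not code from Neumann's module), here is the shape of that RBAC split in Terraform with the azurerm provider: the cluster's own identity gets Network Contributor on the subnet, while the kubelet identity gets only AcrPull on the registry. The resource group, subnet and registry resources referenced below are assumed to exist elsewhere in the configuration.

```hcl
# Added example (not Daniel Neumann's module): AKS with a system-assigned
# managed identity plus the two role assignments the text describes.
# Assumes an existing resource group, VNet subnet and ACR referenced below.

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "aks-example"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = "aks-example"

  default_node_pool {
    name           = "system"
    node_count     = 3
    vm_size        = "Standard_D2s_v3"
    vnet_subnet_id = azurerm_subnet.aks.id
  }

  # Managed identity replaces the service principal; no client secret to rotate.
  identity {
    type = "SystemAssigned"
  }

  network_profile {
    network_plugin = "azure"
  }
}

# Cluster identity: needs rights on the subnet (load balancers, routes, NICs).
# With a system-assigned identity the principal only exists once the cluster
# does, so this assignment lands after creation; a user-assigned identity
# created up front avoids that ordering problem.
resource "azurerm_role_assignment" "cluster_subnet" {
  scope                            = azurerm_subnet.aks.id
  role_definition_name             = "Network Contributor"
  principal_id                     = azurerm_kubernetes_cluster.aks.identity[0].principal_id
  skip_service_principal_aad_check = true
}

# Kubelet identity: a separate identity shared by all node pools; it, not the
# cluster identity, pulls images, so AcrPull goes here and nothing broader.
resource "azurerm_role_assignment" "kubelet_acr" {
  scope                            = azurerm_container_registry.acr.id
  role_definition_name             = "AcrPull"
  principal_id                     = azurerm_kubernetes_cluster.aks.kubelet_identity[0].object_id
  skip_service_principal_aad_check = true
}
```

Keeping the two assignments scoped this narrowly is the point: a compromised node pulls images but cannot reconfigure the network, and the cluster identity never needs registry rights.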

Looking into AD Connect version
