Showing posts from January, 2021

Azure Kubernetes Service (AKS) and Managed Identities

In this blog I will be exploring the use of Azure Manged Identities in Azure Kubernetes Service (AKS).  We will then discuss how we can use managed identities according to security best practice. We will look at how we configure the managed identities for the AKS cluster so it can in turn manage other Azure resources.  We will explore how we can configure managed identities for our services/applications that are running on AKS so pods can reach out to other Azure services. Managed Identities Why are we using managed identities? The alternative is to use Service Principal accounts (SPNs). The issues with SPNs is you have a client secret which you have to manage and keep secure. Your cluster apps and services will need to access the SPNs you have created so this means potentially saving it in a few places so it is available to CI/CD pipelines. The secret attached to an SPN rotates so you need to ensure it is valid to ensure your cluster and services continue to run. Managed identi