I'm trying to figure out how to connect to Azure Blob Storage, Azure PostgreSQL Database, and Azure Event Hub from containers that are running on Azure Kubernetes Service (AKS). I created all of these resources using an ARM template. If you have any tips or best practices for making these connections, it would be greatly appreciated!
5 Answers
It really depends on the specific problem you're running into. Usually, you just connect with a connection string for each service. Are you getting any errors? If so, share what they are; that might help to narrow down the issue.
I recommend using managed identities for authenticating your services rather than embedding secrets within your code. Set up Pod Identity in your AKS cluster and configure RBAC to grant permissions for each resource you need to access.
To connect to these services, you’ll typically use the Azure SDK and the appropriate SQL driver for PostgreSQL. Be sure to set up Workload Identity for permissions; that's crucial. If you face issues, check your networking setup—you may need to troubleshoot that part too.
For optimal security, consider using PrivateLink combined with a Managed Identity. This way, when everything is set up correctly, you can disable public endpoints for those resources. Also, limit access methods to only Azure RBAC alongside your managed identity.
Managed identities are the way to go here. Create a managed identity and assign it the necessary permissions like Blob Contributor. Then just link that identity to your AKS containers, and it should work without much fuss.

Exactly! Pairing that with workload identity makes it seamless. Check out the Microsoft docs for details on connecting using managed identity for your PostgreSQL setup.
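A preflight check for the workload identity setup the answers above recommend, as an added example that is not from the thread: run inside the pod, it confirms the injected `AZURE_*` variables and projected service account token are in place and flags any environment variable still carrying a storage key, SAS key or password. The function names and the subject `system:serviceaccount:default:workload-sa` are hypothetical; the subject must match the one configured on the managed identity's federated credential.

```python
import base64, json, os, re, time

# Environment variables the AKS workload identity webhook injects into a labelled pod.
REQUIRED_ENV = ("AZURE_CLIENT_ID", "AZURE_TENANT_ID", "AZURE_FEDERATED_TOKEN_FILE")
EXPECTED_AUDIENCE = "api://AzureADTokenExchange"
# Markers of key-based auth in Blob Storage, Event Hubs and PostgreSQL connection strings.
SECRET_MARKERS = re.compile(r"AccountKey=|SharedAccessKey=|SharedAccessSignature=|password=", re.I)


def jwt_claims(token):
    """Decode the payload of a JWT without verifying it (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(env, expected_subject, now=None):
    """Return a list of findings; an empty list means the pod looks correctly wired."""
    now = time.time() if now is None else now
    findings = [f"missing env var {name}" for name in REQUIRED_ENV if not env.get(name)]
    findings += [f"env var {k} holds a key or password" for k, v in env.items()
                 if SECRET_MARKERS.search(v)]  # report the name only, never the value
    path = env.get("AZURE_FEDERATED_TOKEN_FILE")
    if not path:
        return findings
    try:
        with open(path) as fh:
            claims = jwt_claims(fh.read().strip())
    except (OSError, ValueError, IndexError) as exc:
        return findings + [f"cannot read federated token: {exc}"]
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        findings.append(f"token audience is {aud!r}")
    if claims.get("sub") != expected_subject:
        findings.append(f"token subject is {claims.get('sub')!r}")
    if claims.get("exp", 0) <= now:
        findings.append("token is expired")
    return findings


if __name__ == "__main__":
    # Assumed namespace and service account names; replace with your own.
    for finding in preflight(dict(os.environ), "system:serviceaccount:default:workload-sa"):
        print("FINDING:", finding)
```

An empty result only shows the pod side is wired up; the role assignments on the storage account, PostgreSQL server and Event Hubs namespace still have to grant that identity access.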