I'm trying to figure out how to connect to Azure Blob Storage, Azure PostgreSQL Database, and Azure Event Hub from containers running on Azure Kubernetes Service (AKS). All of these services were set up using an ARM template. What are the best practices for establishing these connections?
4 Answers
The ideal approach is to utilize Private Link along with a Managed Identity for secure access. When you have it set up, make sure to disable any public endpoints for those resources. You should also turn off local authentication methods in favor of Azure RBAC and managed identities.
You should definitely look into using the Azure SDK along with the appropriate SQL driver for your PostgreSQL. Also, consider using Workload Identity for the permissions needed to access these services. If you’re having connection issues, double-check your network settings to make sure everything is configured correctly.
Using managed identities is the way to go. Set up a managed identity, give it the appropriate permissions like blob contributor, and then assign that identity to your containers in AKS. It simplifies access significantly!
For authentication, instead of embedding secrets in your app, use managed identities. Set up Pod Identity in AKS and ensure you have the right RBAC permissions for accessing each service across your setup.

Absolutely, combining it with workload identity makes things even smoother. You can find more details on how to connect using managed identity in the Azure docs!