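```bash
# Create the resource group and a single-node AKS cluster with managed identity and Azure CNI
az group create --name aks2akvrg --location eastus
az aks create --resource-group aks2akvrg --name myk8s --node-count 1 --generate-ssh-keys --enable-managed-identity --network-plugin azure
# Merge the cluster credentials into the local kubeconfig
az aks get-credentials --resource-group aks2akvrg --name myk8s
```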
```bash
# Create the Key Vault and store a sample secret in it
az keyvault create --name "myk8skv" --resource-group "aks2akvrg" --location eastus
az keyvault secret set --vault-name "myk8skv" --name "ExamplePassword" --value "hVFkk965BuUv"
```
```bash
# Install the Secrets Store CSI driver with the Azure provider; syncSecret lets it mirror mounted objects into Kubernetes Secrets
helm repo add csi-secrets-store-provider-azure https://azure.github.io/secrets-store-csi-driver-provider-azure/charts
helm install csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --generate-name --set secrets-store-csi-driver.syncSecret.enabled=true
```
```bash
# Look up the kubelet identity, the node resource group and the subscription ID
clientId=$(az aks show --name myk8s --resource-group aks2akvrg | jq -r .identityProfile.kubeletidentity.clientId)
nodeResourceGroup=$(az aks show --name myk8s --resource-group aks2akvrg | jq -r .nodeResourceGroup)
subId=$(az account show | jq -r .id)
# Grant the kubelet identity the roles aad-pod-identity needs, scoped to the two resource groups only
az role assignment create --role "Managed Identity Operator" --assignee "$clientId" --scope "/subscriptions/$subId/resourcegroups/aks2akvrg"
az role assignment create --role "Managed Identity Operator" --assignee "$clientId" --scope "/subscriptions/$subId/resourcegroups/$nodeResourceGroup"
az role assignment create --role "Virtual Machine Contributor" --assignee "$clientId" --scope "/subscriptions/$subId/resourcegroups/$nodeResourceGroup"
```
```bash
# Install aad-pod-identity from its Helm chart
helm repo add aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
helm install pod-identity aad-pod-identity/aad-pod-identity
```
```bash
# Look up the user-assigned identity aks2kvIdentity and the subscription ID
clientId=$(az identity show --name aks2kvIdentity --resource-group aks2akvrg | jq -r .clientId)
principalId=$(az identity show --name aks2kvIdentity --resource-group aks2akvrg | jq -r .principalId)
subId=$(az account show | jq -r .id)
# Give the identity Reader on this one vault, then "get" only on secrets and keys
az role assignment create --role "Reader" --assignee "$principalId" --scope "/subscriptions/$subId/resourceGroups/aks2akvrg/providers/Microsoft.KeyVault/vaults/myk8skv"
az keyvault set-policy -n myk8skv --secret-permissions get --spn "$clientId"
az keyvault set-policy -n myk8skv --key-permissions get --spn "$clientId"
```
```yaml
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentity
metadata:
  name: "aks-kv-identity"
spec:
  type: 0
  resourceID: /subscriptions/<subscription id>/resourcegroups/aks2akvrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aks2kvIdentity
  clientID: "<clientId>"
---
apiVersion: aadpodidentity.k8s.io/v1
```
```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: spc-myk8skv
spec:
  provider: azure
  secretObjects:
  - secretName: test-secret
    data:
    - key: key
```
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: inject-secrets-from-akv
  labels:
    aadpodidbinding: azure-pod-identity-binding-selector
spec:
  containers:
  - name: nginx
```
```csharp
...
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Logging;
public class Tester
{
    [Fact]
    public void TestSomeClassThatUsesLogging()
```