Azure Managed Application with AKS and deployment-time or cross-tenant role assignments to VM and Pod Managed Identities

Arsen Vladimirskiy
2 min read · Sep 16, 2020

In the following series of four videos, we look at a more advanced and “experimental” Azure Managed Application that deploys Azure Kubernetes Service (AKS) and an Azure Managed Identity, and performs some cross-resource-group role assignments. We also walk through using the Azure Instance Metadata Service (IMDS) and AKS Pod Identity to obtain access tokens for interacting with Azure Data Lake Storage and the ARM REST APIs.

Before diving into the videos below, you may first want to watch the two videos in “Simple Azure Managed Application: creating, testing, and publishing in Partner Center”.

You can see most of the sample commands and ARM templates used in the videos at https://github.com/arsenvlad/azure-managed-app-aks-managed-identity.
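The token acquisition shown in videos #2 and #4 relies on the same mechanism in both cases: a plain HTTP call to the Instance Metadata Service at `169.254.169.254` with the mandatory `Metadata: true` header, which either the node's managed identity (video #2) or, inside a pod with Pod Identity installed, the NMI component that intercepts IMDS traffic (video #4) answers with an access token for the requested resource. The following is an added example, not code from the original post or from the linked repository; it assumes the standard IMDS endpoint and `api-version=2018-02-01`, and the `fetch_token` function only works when run on an Azure VM or AKS node/pod, so the sample response below is constructed for offline use.

```python
import json
import time
import urllib.parse
import urllib.request

# Standard IMDS managed-identity token endpoint (reachable only from inside Azure compute)
IMDS_TOKEN_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"

# Audiences used in the videos: ARM REST API and Azure Storage (Data Lake Storage Gen2)
ARM_RESOURCE = "https://management.azure.com/"
STORAGE_RESOURCE = "https://storage.azure.com/"


def build_token_request(resource, client_id=None):
    """Return (url, headers) for an IMDS token request.

    client_id selects a user-assigned identity (as created by the managed app's
    ARM template); omit it to use the system-assigned identity of the node.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_ENDPOINT + "?" + urllib.parse.urlencode(params)
    # IMDS refuses requests without this header; it exists so that a forwarded
    # request (e.g. via an SSRF-vulnerable proxy) cannot silently obtain a token.
    return url, {"Metadata": "true"}


def parse_token_response(body, now=None):
    """Validate an IMDS token response and return the fields a caller needs.

    IMDS returns expires_on as a string of epoch seconds; we reject tokens that
    are already expired so a stale cached response is never reused.
    """
    data = json.loads(body)
    now = time.time() if now is None else now
    expires_on = int(data["expires_on"])
    if expires_on <= now:
        raise ValueError("IMDS returned an already-expired token")
    return {
        "token": data["access_token"],
        "expires_on": expires_on,
        "resource": data["resource"],
    }


def fetch_token(resource, client_id=None, opener=urllib.request.urlopen):
    """Fetch a token from IMDS. `opener` is injectable so the flow can be tested offline."""
    url, headers = build_token_request(resource, client_id)
    req = urllib.request.Request(url, headers=headers)
    with opener(req, timeout=5) as resp:
        return parse_token_response(resp.read().decode("utf-8"))


def bearer_header(token):
    """Authorization header to attach to an ARM or Storage REST call."""
    return {"Authorization": "Bearer " + token["token"]}


if __name__ == "__main__":
    # Only succeeds on an Azure VM / AKS node / pod with Pod Identity configured.
    arm = fetch_token(ARM_RESOURCE)
    print("ARM token valid until", arm["expires_on"])
```

Because Pod Identity's NMI intercepts calls to the same IMDS address, application code that does this inside a pod is identical to code running directly on the node; what changes is which identity answers, which is exactly what the role assignments in videos #1 and #3 control. Keep the `expires_on` check: tokens should be cached until shortly before expiry and re-requested, never persisted to disk.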

Important: As we’ll discuss in the first video below, currently (August 2021) there are some capability gaps when an Azure Managed Application deploys an AKS resource. Before developing an Azure Managed Application that includes AKS or containers, please review the document “Usage of Azure Kubernetes Services (AKS) and containers in managed application”, which lists important rules and limitations.

Reminder: When building your Azure Application ARM templates for submission to Azure Marketplace, please make sure to carefully follow all of the guidelines and best practices described here, and be ready to make fixes and changes based on manual review feedback.

Video #1 of 4: Azure Managed Application with AKS and deployment-time Role Assignments to Managed Identities

Tip: Play the video full screen.

Video #2 of 4: Using AKS node’s managed identity to access Azure Data Lake Storage in Azure Managed Application resource group

Tip: Play the video full screen.

Video #3 of 4: Adding cross-tenant role assignments for Managed Identity in Azure Managed Application

Tip: Play the video full screen.

Video #4 of 4: Using AKS Pod-specific Identity to make ARM REST API calls to resources in Azure Managed Application Resource Group

Tip: Play the video full screen.

Related Video: Refreshing Azure Managed Application Permissions

You may also want to review a related video about “Refreshing Azure Managed Application permissions and using Managed App’s Identity”.

Thank you!

Please leave feedback and questions below or on Twitter https://twitter.com/ArsenVlad

Arsen Vladimirskiy

Principal Engineer / Architect, FastTrack for Azure at Microsoft