k8s/AzureAKS
Links https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli
- SP - Service principal - used by the k8s cluster
NOTE:
![/!\](/moin_static1911/modern/img/alert.png "/!\")
only valid for 1 year - rotate credentials - Saved on azure node(vm) at /etc/kubernetes/azure.json
- If created with az aks create, saved on laptop at ~/.azure/aksServicePrincipal.json
- got to delete SP, on cluster deletion, not done for you. query for your clusters servicePrincipalProfile.clientId and then delete it using the az ad sp delete
- Give it roles/access e.g.
- Access to Azure Container registry to pull images
- Access storage in different RG
- Access IP in different RG