Commit 3ee6dc9

Merge pull request #287555 from xfz11/xf/akssql
add workload id in tutorial-python-aks-sql-database-connection-string.md
2 parents 625aab8 + 4d02e5f commit 3ee6dc9

2 files changed

+67
-3
lines changed

articles/service-connector/tutorial-python-aks-sql-database-connection-string.md

Lines changed: 57 additions & 3 deletions
@@ -8,6 +8,8 @@ ms.author: malev
88
ms.service: service-connector
99
ms.topic: tutorial
1010
ms.date: 07/23/2024
11+
zone_pivot_group_filename: service-connector/zone-pivot-groups.json
12+
zone_pivot_groups: aks-authtype
1113
---
1214

1315
# Tutorial: Connect an AKS app to Azure SQL Database (preview)
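Review bot: `ms.date` in the front matter is left at 07/23/2024 although this commit adds a whole new authentication pivot to the article. Update it together with the two new `zone_pivot_*` keys so the freshness date reflects the change. The file name `tutorial-python-aks-sql-database-connection-string.md` also now covers a flow that is not a connection string; if a rename is out of scope, say so in the PR description.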
@@ -21,8 +23,6 @@ In this tutorial, you learn how to connect an application deployed to AKS, to an
2123
> * Update your application code
2224
> * Clean up Azure resources.
2325
24-
> [!WARNING]
25-
> Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable. See the [tutorial using a managed identity](tutorial-python-aks-storage-workload-identity.md).
2626

2727
## Prerequisites
2828

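Review bot: Removing the `[!WARNING]` block at old lines 24-25 drops the link to `tutorial-python-aks-storage-workload-identity.md`, and the replacement warning only appears later, inside the connection-string zone under "Create a new connection". A reader on the connection-string pivot now meets the risk statement after Prerequisites instead of before starting. Consider keeping a short pointer in the introduction, wrapped in a connection-string zone.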
@@ -62,7 +62,59 @@ az provider register --namespace Microsoft.KubernetesConfiguration
6262

6363
### Create a new connection
6464

65-
Create a service connection between your AKS cluster and your SQL database in the Azure portal or the Azure CLI.
65+
::: zone pivot="workload-id"
66+
67+
Create a service connection between your AKS cluster and your SQL database using Microsoft Entra Workload ID
68+
69+
### [Azure portal](#tab/azure-portal)
70+
71+
1. In the [Azure portal](https://portal.azure.com/), navigate to your AKS cluster resource.
72+
2. Select **Settings** > **Service Connector (Preview)** > **Create**.
73+
3. On the **Basics** tab, configure the following settings:
74+
75+
* **Kubernetes namespace**: Select **default**.
76+
* **Service type**: Select **SQL Database**.
77+
* **Connection name**: Use the connection name provided by Service Connector or enter your own connection name.
78+
* **Subscription**: Select the subscription that includes the Azure SQL Database service.
79+
* **SQL server**: Select your SQL server.
80+
* **SQL database**: Select your SQL database.
81+
* **Client type**: The code language or framework you use to connect to the target service, such as **Python**.
82+
83+
:::image type="content" source="media/tutorial-ask-sql/create-connection.png" alt-text="Screenshot of the Azure portal showing the form to create a new connection to a SQL database in AKS.":::
84+
85+
4. Select **Next: Authentication**. On the **Authentication** tab, select **Workload Identity** and choose one **User assigned managed identity**.
86+
5. Select **Next: Networking** > **Next: Review + create** >**Create On Cloud Shell**.
87+
6. The Cloud Shell will be launched and execute the commands to create a connection. You may need to confirm some configuration changes during the command processing. Once command runs successfully, it will show connection information, and you can click refresh button in **Service Connector** pane to show the latest result.
88+
89+
### [Azure CLI](#tab/azure-cli)
90+
91+
Create a service connection to the SQL database using the [`az aks connection create sql`](/cli/azure/aks/connection/create#az-aks-connection-create-sql) command. You can run this command in two different ways:
92+
93+
* generate the new connection step by step.
94+
95+
```azurecli-interactive
96+
az aks connection create sql
97+
```
98+
99+
* generate the new connection at once. Make sure you replace the following placeholders with your own information: `<source-subscription>`, `<source_resource_group>`, `<cluster>`, `<target-subscription>`, `<target_resource_group>`, `<server>`, `<database>`, and `<***>`.
100+
101+
```azurecli-interactive
102+
az aks connection create sql \
103+
--source-id /subscriptions/<source-subscription>/resourceGroups/<source_resource_group>/providers/Microsoft.ContainerService/managedClusters/<cluster> \
104+
--target-id /subscriptions/<target-subscription>/resourceGroups/<target_resource_group>/providers/Microsoft.Sql/servers/<server>/databases/<database> \
105+
--workload-identity /subscriptions/<identity-subscription>/resourcegroups/<resource_group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity_name>
106+
```
107+
108+
---
109+
110+
::: zone-end
111+
112+
::: zone pivot="connection-string"
113+
114+
> [!WARNING]
115+
> Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable. Select the authentication method *[Workload ID (Recommended)](tutorial-python-aks-sql-database-connection-string.md?pivots=workload-id#create-a-new-connection)*.
116+
117+
Create a service connection between your AKS cluster and your SQL database using a connection string
66118
67119
### [Azure portal](#tab/azure-portal)
68120
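Review bot: The placeholder list in the workload-id Azure CLI tab (new line 99) does not match the command under it: it names `<***>`, which the command never uses, and omits `<identity-subscription>`, `<resource_group>` and `<identity_name>` from the `--workload-identity` argument. List the identity placeholders and drop `<***>`. Smaller points: the intro sentences at new lines 67 and 117 lack a closing period, `>**Create On Cloud Shell**` at line 86 is missing a space after `>`, and step 4 tells the reader to choose a user-assigned managed identity without saying where that identity comes from.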
@@ -105,6 +157,8 @@ Create a service connection to the SQL database using the [`az aks connection cr
105157
106158
---
107159
160+
::: zone-end
161+
108162
## Update your container
109163
110164
Now that you created a connection between your AKS cluster and the database, you need to retrieve the connection secrets and deploy them in your container.
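Review bot: The `::: zone-end` added at new line 160 closes the connection-string zone just before `## Update your container`, so that section renders for both pivots, yet its first sentence tells the reader to "retrieve the connection secrets and deploy them in your container". Check that the steps that follow apply unchanged to the workload-id pivot; if they differ, split the section into zones as was done for "Create a new connection".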

articles/service-connector/zone-pivot-groups.yml

Lines changed: 10 additions & 0 deletions
@@ -24,3 +24,13 @@ groups:
2424
title: Connection string
2525
- id: service-principal
2626
title: Service principal
27+
28+
- id: aks-authtype
29+
title: Select an authentication method
30+
prompt: Select an authentication method
31+
pivots:
32+
- id: workload-id
33+
title: Workload ID (Recommended)
34+
- id: connection-string
35+
title: Connection string
36+
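Review bot: The pivot id `workload-id` at new line 32 is hard-coded in the article's warning link (`?pivots=workload-id#create-a-new-connection`), so renaming the id here would break that link without any build error. A short YAML comment above the `aks-authtype` group naming the article that depends on it would help. The added line 36 is also a trailing blank line at the end of the file and can be dropped.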
