articles/aks/trusted-access-feature.md
Lines changed: 5 additions & 40 deletions
@@ -4,20 +4,18 @@ description: Learn how to use the Trusted Access feature to give Azure resources
4
4
author: schaffererin
5
5
ms.topic: article
6
6
ms.custom: devx-track-azurecli
7
-
ms.date: 12/04/2023
7
+
ms.date: 03/05/2024
8
8
ms.author: schaffererin
9
9
---
10
10
11
-
# Get secure access for Azure resources in Azure Kubernetes Service by using Trusted Access (preview)
11
+
# Get secure access for Azure resources in Azure Kubernetes Service by using Trusted Access
12
12
13
13
Many Azure services that integrate with Azure Kubernetes Service (AKS) need access to the Kubernetes API server. To avoid granting these services admin access or making your AKS clusters public for network access, you can use the AKS Trusted Access feature.
14
14
15
-
This feature gives services secure access to AKS and Kubernetes by using the Azure back end without requiring a private endpoint. Instead of relying on identities that have [Microsoft Entra](../active-directory/fundamentals/active-directory-whatis.md) permissions, this feature can use your system-assigned managed identity to authenticate with the managed services and applications that you want to use with your AKS clusters.
15
+
This feature gives services secure access to AKS API server by using the Azure back end without requiring a private endpoint. Instead of relying on identities that have [Microsoft Entra](../active-directory/fundamentals/active-directory-whatis.md) permissions, this feature can use your system-assigned managed identity to authenticate with the managed services and applications that you want to use with your AKS clusters.
16
16
17
17
This article shows you how to get secure access for your Azure services to your Kubernetes API server in AKS by using Trusted Access.
18
18
19
-
[!INCLUDE [preview features callout](./includes/preview/preview-callout.md)]
20
-
21
19
> [!NOTE]
22
20
> The Trusted Access API is generally available. We provide general availability (GA) support for the Azure CLI, but it's still in preview and requires using the aks-preview extension.
23
21
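Review bot: the `> [!NOTE]` kept as unchanged context at the end of this hunk still says the Azure CLI support is "still in preview and requires using the aks-preview extension", which contradicts the new title without "(preview)" and the removal of the preview callout include. Update or drop that note in the same change so the page does not send readers to a preview extension for a feature it now presents as generally available. Minor wording point in the rewritten paragraph: "secure access to AKS API server" needs "the" before "AKS API server".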
@@ -35,46 +33,12 @@ You can use Trusted Access to give explicit consent to your system-assigned mana
35
33
36
34
* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
37
35
* Resource types that support [system-assigned managed identity](../active-directory/managed-identities-azure-resources/overview.md).
38
-
* If you're using the Azure CLI, the aks-preview extension version 0.5.74 or later is required.
36
+
* Azure CLI version 2.53.0 or later. Run `az --version` to find your version. If you need to install or upgrade, see [Install Azure CLI][azure-cli-install].
39
37
* To learn what roles to use in different scenarios, see these articles:
40
38
*[Azure Machine Learning access to AKS clusters with special configurations](https://github.com/Azure/AML-Kubernetes/blob/master/docs/azureml-aks-ta-support.md)
41
39
*[What is Azure Kubernetes Service backup?][aks-azure-backup]
42
40
*[Turn on an agentless container posture](../defender-for-cloud/concept-agentless-containers.md)
43
41
44
-
## Get started
45
-
46
-
First, install the aks-preview extension:
47
-
48
-
```azurecli
49
-
az extension add --name aks-preview
50
-
```
51
-
52
-
Run the following command to update to the latest version of the extension:
53
-
54
-
```azurecli
55
-
az extension update --name aks-preview
56
-
```
57
-
58
-
Then, register the TrustedAccessPreview feature flag by using the [az feature register][az-feature-register] command.
59
-
60
-
Here's an example:
61
-
62
-
```azurecli-interactive
63
-
az feature register --namespace "Microsoft.ContainerService" --name "TrustedAccessPreview"
64
-
```
65
-
66
-
It takes a few minutes for the status to appear as **Registered**. Verify the registration status by using the [az feature show][az-feature-show] command:
67
-
68
-
```azurecli-interactive
69
-
az feature show --namespace "Microsoft.ContainerService" --name "TrustedAccessPreview"
70
-
```
71
-
72
-
When the status is **Registered**, refresh the registration of the Microsoft.ContainerService resource provider by using the [az provider register][az-provider-register] command:
73
-
74
-
```azurecli-interactive
75
-
az provider register --namespace Microsoft.ContainerService
76
-
```
77
-
78
42
## Create an AKS cluster
79
43
80
44
In the same subscription as the Azure resource that you want to access the cluster, [create an AKS cluster](tutorial-kubernetes-deploy-cluster.md).
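Review bot: the deleted "Get started" section used the reference-style links `[az-feature-register]`, `[az-feature-show]` and `[az-provider-register]`, and all 40 deletions in this commit are accounted for in the first two hunks, so any definitions for those links at the end of the file are left behind; remove them if nothing else in the article uses them. The added prerequisite line introduces `[azure-cli-install]`, so confirm that the single line added by the last hunk (`@@ -171,3 +135,4 @@`) is its definition, otherwise the link renders as literal text. It is also worth stating in the commit message why 2.53.0 is the minimum Azure CLI version, since the old prerequisite pinned the aks-preview extension at 0.5.74 and readers upgrading from that path have no mapping between the two.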
@@ -171,3 +135,4 @@ az aks trustedaccess rolebinding delete --name <role binding name> --resource-gr