articles/azure-arc/includes/arc-region-note.md
6 additions & 2 deletions
@@ -3,7 +3,7 @@ author: MikeRayMSFT
3
3
ms.author: mikeray
4
4
ms.service: azure-arc
5
5
ms.topic: include
6
-
ms.date: 12/13/2022
6
+
ms.date: 10/27/2023
7
7
---
8
8
9
9
To get the region segment of a regional endpoint, remove all spaces from the Azure region name. For example, *East US 2* region, the region name is `eastus2`.
@@ -12,6 +12,10 @@ For example: `san-af-<region>-prod.azurewebsites.net` should be `san-af-eastus2-
articles/azure-arc/kubernetes/cluster-connect.md
22 additions & 37 deletions
@@ -1,6 +1,6 @@
1
1
---
2
2
title: "Use cluster connect to securely connect to Azure Arc-enabled Kubernetes clusters."
3
-
ms.date: 10/12/2023
3
+
ms.date: 10/27/2023
4
4
ms.topic: how-to
5
5
ms.custom: devx-track-azurecli
6
6
description: "With cluster connect, you can securely connect to Azure Arc-enabled Kubernetes clusters from anywhere without requiring any inbound port to be enabled on the firewall."
@@ -19,9 +19,23 @@ Before you begin, review the [conceptual overview of the cluster connect feature
19
19
20
20
## Prerequisites
21
21
22
+
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
23
+
- An existing Azure Arc-enabled Kubernetes connected cluster.
24
+
- If you haven't connected a cluster yet, use our [quickstart](quickstart-connect-cluster.md).
25
+
-[Upgrade your agents](agent-upgrade.md#manually-upgrade-agents) to the latest version.
26
+
- In addition to meeting the [network requirements for Arc-enabled Kubernetes](network-requirements.md), enable these endpoints for outbound access:
> To translate the `*.servicebus.windows.net` wildcard into specific endpoints, use the command `\GET https://guestnotificationservice.azure.com/urls/allowlist?api-version=2020-01-01&location=<location>`. Within this command, the region must be specified for the `<location>` placeholder.
35
+
36
+
22
37
### [Azure CLI](#tab/azure-cli)
23
38
24
-
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
25
39
26
40
-[Install](/cli/azure/install-azure-cli) or [update](/cli/azure/update-azure-cli) Azure CLI to the latest version.
27
41
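Review bot: The `*.servicebus.windows.net` note that this hunk moves into the shared Prerequisites list still reads "use the command `\GET https://guestnotificationservice.azure.com/urls/allowlist?api-version=2020-01-01&location=<location>`", which nobody can run as written: no client is named and the leading backslash looks like a stray escape. This is the step that lets a firewall owner replace a wildcard egress rule with specific endpoints, so it is worth naming the tool and showing one invocation with `<location>` filled in using the region segment format from arc-region-note.md (for example `eastus2`). Otherwise readers are likely to leave the wildcard open.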
@@ -37,20 +51,6 @@ Before you begin, review the [conceptual overview of the cluster connect feature
37
51
az extension update --name connectedk8s
38
52
```
39
53
40
-
- An existing Azure Arc-enabled Kubernetes connected cluster.
41
-
- If you haven't connected a cluster yet, use our [quickstart](quickstart-connect-cluster.md).
42
-
-[Upgrade your agents](agent-upgrade.md#manually-upgrade-agents) to the latest version.
43
-
44
-
- In addition to meeting the [network requirements for Arc-enabled Kubernetes](network-requirements.md), enable these endpoints for outbound access:
> To translate the `*.servicebus.windows.net` wildcard into specific endpoints, use the command `\GET https://guestnotificationservice.azure.com/urls/allowlist?api-version=2020-01-01&location=<location>`. Within this command, the region must be specified for the `<location>` placeholder.
53
-
54
54
- Replace the placeholders and run the below command to set the environment variables used in this document:
55
55
56
56
```azurecli
@@ -61,24 +61,8 @@ Before you begin, review the [conceptual overview of the cluster connect feature
61
61
62
62
### [Azure PowerShell](#tab/azure-powershell)
63
63
64
-
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
65
-
66
64
- Install [Azure PowerShell version 6.6.0 or later](/powershell/azure/install-azure-powershell).
67
65
68
-
- An existing Azure Arc-enabled Kubernetes connected cluster.
69
-
- If you haven't connected a cluster yet, use our [quickstart](quickstart-connect-cluster.md).
70
-
-[Upgrade your agents](agent-upgrade.md#manually-upgrade-agents) to the latest version.
71
-
72
-
- In addition to meeting the [network requirements for Arc-enabled Kubernetes](network-requirements.md), enable these endpoints for outbound access:
> To translate the `*.servicebus.windows.net` wildcard into specific endpoints, use the command `\GET https://guestnotificationservice.azure.com/urls/allowlist?api-version=2020-01-01&location=<location>`. Within this command, the region must be specified for the `<location>` placeholder.
81
-
82
66
- Replace the placeholders and run the below command to set the environment variables used in this document:
83
67
84
68
```azurepowershell
@@ -117,13 +101,13 @@ On the existing Arc-enabled cluster, create the ClusterRoleBinding with either M
117
101
118
102
1. Authorize the entity with appropriate permissions.
119
103
120
-
- If you are using Kubernetes native ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Microsoft Entra entity (service principal or user) that needs to access this cluster. Example:
104
+
- If you are using Kubernetes native ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Microsoft Entra entity (service principal or user) that needs to access this cluster. For example:
- If you are using Azure RBAC for authorization checks on the cluster, you can create an Azure role assignment mapped to the Microsoft Entra entity. Example:
110
+
- If you are using Azure RBAC for authorization checks on the cluster, you can create an applicable [Azure role assignment](azure-rbac.md#built-in-roles) mapped to the Microsoft Entra entity. For example:
127
111
128
112
```azurecli
129
113
az role assignment create --role "Azure Arc Kubernetes Viewer" --assignee $AAD_ENTITY_OBJECT_ID --scope $ARM_ID_CLUSTER
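Review bot: "applicable" in the reworded Azure RBAC bullet gives the reader no criterion for choosing among the built-in roles the new link points to. Suggest wording along the lines of "the least-privileged [built-in role](azure-rbac.md#built-in-roles) that covers what the entity needs to do", which also explains why the example that follows uses "Azure Arc Kubernetes Viewer". The example assigns at `--scope $ARM_ID_CLUSTER`, so the bullet should also say that the grant applies to the whole cluster.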
@@ -148,15 +132,16 @@ On the existing Arc-enabled cluster, create the ClusterRoleBinding with either M
148
132
149
133
1. Authorize the entity with appropriate permissions.
150
134
151
-
- If you are using Kubernetes native ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Microsoft Entra entity (service principal or user) that needs to access this cluster. Example:
135
+
- If you are using Kubernetes native ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Microsoft Entra entity (service principal or user) that needs to access this cluster. For example:
- If you are using [Azure RBAC for authorization checks](azure-rbac.md) on the cluster,you can create an Azure role assignment mapped to the Microsoft Entra entity. Example:
141
+
- If you are using [Azure RBAC for authorization checks](azure-rbac.md) on the cluster,you can create an applicable [Azure role assignment](azure-rbac.md#built-in-roles) mapped to the Microsoft Entra entity. For example:
158
142
159
-
```azurecli
143
+
```azurepowershell
144
+
160
145
az role assignment create --role "Azure Arc Kubernetes Viewer" --assignee $AAD_ENTITY_OBJECT_ID --scope $ARM_ID_CLUSTER
161
146
az role assignment create --role "Azure Arc Enabled Kubernetes Cluster User Role" --assignee $AAD_ENTITY_OBJECT_ID --scope $ARM_ID_CLUSTER
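Review bot: The fence in the Azure PowerShell tab is relabelled from `azurecli` to `azurepowershell`, but the two lines inside it are still `az role assignment create ...`, which is Azure CLI. Either keep the `azurecli` tag or replace the body with the PowerShell equivalent (`New-AzRoleAssignment`), so the tab does not show CLI commands highlighted and labelled as PowerShell. The changed bullet above it also carries over "on the cluster,you can create" with no space after the comma, and since that line is being rewritten it should be fixed here. The added blank line right after the opening fence can be dropped.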