You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/service-connector/quickstart-cli-aks-connection.md
+34-33Lines changed: 34 additions & 33 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,39 +1,40 @@
1
1
---
2
-
title: Quickstart - Create a service connection in Azure Kubernetes Service (AKS) with the Azure CLI
3
-
description: Quickstart showing how to create a service connection in Azure Kubernetes Service (AKS) with the Azure CLI
2
+
title: "Quickstart: Create a Service Connection in Azure Kubernetes Service (AKS) with the Azure CLI"
3
+
description: Quickstart showing how to create a service connection in Azure Kubernetes Service (AKS) with the Azure CLI.
4
4
author: houk-ms
5
5
ms.author: honc
6
6
ms.service: service-connector
7
7
ms.topic: quickstart
8
-
ms.date: 05/06/2024
8
+
ms.date: 07/23/2025
9
9
ms.devlang: azurecli
10
10
ms.custom: devx-track-azurecli
11
+
#customer intent: As a developer who uses Azure Kubernetes Service, I want to connect my clusters to other Cloud resources, with Service Connection managing authentication and networking settings.
12
+
11
13
---
12
14
# Quickstart: Create a service connection in AKS cluster with the Azure CLI
13
15
14
-
This quickstart shows you how to connect Azure Kubernetes Service (AKS) to other Cloud resources using Azure CLI and Service Connector. Service Connector lets you quickly connect compute services to cloud services, while managing your connection's authentication and networking settings.
16
+
In this quickstart, you connect Azure Kubernetes Service (AKS) to other Cloud resources using Azure CLI and Service Connector. Service Connector lets you quickly connect compute services to cloud services. It manages your connection's authentication and networking settings.
* This quickstart requires version 2.30.0 or higher of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
21
-
* This quickstart assumes that you already have an AKS cluster. If you don't have one yet, [create an AKS cluster](/azure/aks/learn/quick-kubernetes-deploy-cli).
22
-
* This quickstart assumes that you already have an Azure Storage account. If you don't have one yet, [create an Azure Storage account](../storage/common/storage-account-create.md).
22
+
- This quickstart requires version 2.30.0 or higher of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
23
+
- This quickstart assumes that you already have an AKS cluster. If you don't have one yet, [create an AKS cluster](/azure/aks/learn/quick-kubernetes-deploy-cli).
24
+
- This quickstart assumes that you already have an Azure Storage account. If you don't have one yet, [create an Azure Storage account](../storage/common/storage-account-create.md).
23
25
24
26
## Initial set-up
25
27
26
-
1. If you're using Service Connector for the first time, start by running the command [az provider register](/cli/azure/provider#az-provider-register) to register the Service Connector and Kubernetes Configuration resource providers.
28
+
1. If you're using Service Connector for the first time, run the [az provider register](/cli/azure/provider#az-provider-register) command to register the Service Connector and Kubernetes Configuration resource providers.
27
29
28
30
```azurecli
29
-
az provider register -n Microsoft.ServiceLinker
30
-
```
31
-
```azurecli
32
-
az provider register -n Microsoft.KubernetesConfiguration
31
+
az provider register --name Microsoft.ServiceLinker
32
+
33
+
az provider register --name Microsoft.KubernetesConfiguration
33
34
```
34
35
35
36
> [!TIP]
36
-
> You can check if these resource providers have already been registered by running the commands `az provider show -n "Microsoft.ServiceLinker" --query registrationState` and `az provider show -n "Microsoft.KubernetesConfiguration" --query registrationState`.
37
+
> You can check if these resource providers are already registered by running the commands `az provider show --name "Microsoft.ServiceLinker" --query registrationState` and `az provider show --name "Microsoft.KubernetesConfiguration" --query registrationState`.
37
38
38
39
1. Optionally, use the Azure CLI command to get a list of supported target services for AKS cluster.
39
40
@@ -46,41 +47,41 @@ This quickstart shows you how to connect Azure Kubernetes Service (AKS) to other
46
47
### [Using a workload identity](#tab/Using-Managed-Identity)
47
48
48
49
> [!IMPORTANT]
49
-
> Using Managed Identity requires you have the permission to [Microsoft Entra ID role assignment](../active-directory/managed-identities-azure-resources/howto-assign-access-portal.md). If you don't have the permission, your connection creation will fail. You can ask your subscription owner for the permission or use an access key to create the connection.
50
+
> Using Managed Identity requires you have the permission to [Microsoft Entra ID role assignment](/entra/identity/managed-identities-azure-resources/how-to-assign-access-azure-resource). If you don't have the permission, your connection creation fails. You can ask your subscription owner for the permission or use an access key to create the connection.
50
51
51
52
Use the Azure CLI command to create a service connection to a Blob Storage with a workload identity, providing the following information:
52
53
53
-
***Source compute service resource group name:** the resource group name of the AKS cluster.
54
-
***AKS cluster name:** the name of your AKS cluster that connects to the target service.
55
-
***Target service resource group name:** the resource group name of the Blob Storage.
56
-
***Storage account name:** the account name of your Blob Storage.
57
-
***User-assigned identity resource ID:** the resource ID of the user assigned identity that is used to create workload identity
54
+
-**Source compute service resource group name:** the resource group name of the AKS cluster.
55
+
-**AKS cluster name:** the name of your AKS cluster that connects to the target service.
56
+
-**Target service resource group name:** the resource group name of the Blob Storage.
57
+
-**Storage account name:** the account name of your Blob Storage.
58
+
-**User-assigned identity resource ID:** the resource ID of the user assigned identity that is used to create workload identity.
58
59
59
60
```azurecli
60
61
az aks connection create storage-blob \
61
62
--workload-identity <user-identity-resource-id>
62
63
```
63
64
64
65
> [!NOTE]
65
-
> If you don't have a Blob Storage, you can run `az aks connection create storage-blob --new --workload-identity <user-identity-resource-id>"` to provision a new one and get connected to your function app straightaway.
66
+
> If you don't have a Blob Storage, you can run `az aks connection create storage-blob --new --workload-identity <user-identity-resource-id>` to provision a new one and connect it to your AKS cluster.
66
67
67
68
### [Using an access key](#tab/Using-access-key)
68
69
69
70
> [!WARNING]
70
-
> Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
71
+
> Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application. It carries risks that aren't present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
71
72
72
-
Run the following Azure CLI command to create a service connection to an Azure Blob Storage with an access key, providing the following information.
73
+
Run the following Azure CLI command to create a service connection to an Azure Blob Storage with an access key.
73
74
74
75
```azurecli
75
76
az aks connection create storage-blob --secret
76
77
```
77
78
78
79
Provide the following information as prompted:
79
80
80
-
***Source compute service resource group name:** the resource group name of the AKS cluster.
81
-
***AKS cluster name:** the name of your AKS cluster that connects to the target service.
82
-
***Target service resource group name:** the resource group name of the Blob Storage.
83
-
***Storage account name:** the account name of your Blob Storage.
81
+
-**Source compute service resource group name:** the resource group name of the AKS cluster.
82
+
-**AKS cluster name:** the name of your AKS cluster that connects to the target service.
83
+
-**Target service resource group name:** the resource group name of the Blob Storage.
84
+
-**Storage account name:** the account name of your Blob Storage.
84
85
85
86
> [!NOTE]
86
87
> If you don't have a Blob Storage, you can run `az aks connection create storage-blob --new --secret` to provision a new one and connect it to your AKS cluster.
@@ -89,21 +90,21 @@ Provide the following information as prompted:
89
90
90
91
## View connections
91
92
92
-
Use the Azure CLI [az aks connection list](/cli/azure/functionapp/connection#az-functionapp-connection-list) command to list connections to your AKS Cluster, providing the following information:
93
+
Use the Azure CLI [az aks connection list](/cli/azure/functionapp/connection#az-functionapp-connection-list) command to list connections to your AKS Cluster. Provide the following information:
93
94
94
-
***Source compute service resource group name:** the resource group name of the AKS cluster.
95
-
***AKS cluster name:** the name of your AKS cluster that connects to the target service.
95
+
-**Source compute service resource group name:** the resource group name of the AKS cluster.
96
+
-**AKS cluster name:** the name of your AKS cluster that connects to the target service.
0 commit comments