Azure Kubernetes Service managed control plane authentication with resources like nodes in non-Microsoft tenant


Question


How does the AKS api-server perform authN/Z with resources provisioned in the customer's tenant (non-Microsoft tenant)?

I can see that one enterprise application, with the same name as the AKS cluster, has been added with the Contributor role on the managed resource group. Does that play any role?

Answer 1

Score: 0


The API server does not authenticate with the nodes; it's the other way around.
Certificates are used for authentication, and there are different ways the traffic flow can be configured. See this page: https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/tunnel-connectivity-issues

The enterprise app you're seeing allows AKS to create infrastructure resources such as VM nodes and load balancers as required through scaling requests or new workloads being created.
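
The following is an added example, not part of the original question or answer: a small audit over the JSON that `az role assignment list --scope <managed RG> --include-inherited -o json` prints, listing every principal that can write to the managed resource group and separating the cluster-named identity from the rest. The sample data, subscription ID and all names are constructed placeholders, and it assumes, as the question describes, that the cluster's identity carries the cluster's name.

```python
import json

# Constructed sample, shaped like the JSON printed by
# `az role assignment list --scope <managed RG> --include-inherited -o json`.
# The subscription ID, group and principal names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
NODE_RG = SUB + "/resourceGroups/MC_demo-rg_demo-aks_westeurope"
SAMPLE = json.dumps([
    {"principalName": "demo-aks", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": NODE_RG},
    {"principalName": "ops@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": NODE_RG},
    {"principalName": "auditors", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": NODE_RG},
])

# Built-in roles that can create or change resources in the scope.
WRITE_ROLES = {"Owner", "Contributor"}


def audit_node_rg(assignments_json, node_rg, cluster_name):
    """Classify every principal that can write to the managed resource group."""
    findings = []
    for a in json.loads(assignments_json):
        if a["roleDefinitionName"] not in WRITE_ROLES:
            continue
        is_cluster = (a["principalType"] == "ServicePrincipal"
                      and a["principalName"].lower() == cluster_name.lower())
        findings.append({
            "principal": a["principalName"],
            "role": a["roleDefinitionName"],
            # Azure resource IDs are case-insensitive.
            "inherited": a["scope"].lower() != node_rg.lower(),
            "expected": is_cluster,
        })
    return findings


def unexpected_writers(findings):
    """Principals other than the cluster's own identity that hold write access."""
    return sorted(f["principal"] for f in findings if not f["expected"])


if __name__ == "__main__":
    for f in audit_node_rg(SAMPLE, NODE_RG, "demo-aks"):
        print(f)
```

Entries flagged as `inherited` come from a broader scope such as the subscription, so they have to be reviewed and changed there rather than on the managed resource group.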

huangapple
  • Posted on May 14, 2023, 22:58:33
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76248131.html