Azure Kubernetes Service managed control plane authentication with resources like nodes in non-Microsoft tenant
Question
How does AKS api-server authN/Z with resources provisioned in customer's tenant (non-Microsoft tenant)?
I can see one enterprise application with the same name as that of the AKS cluster; it is added with the Contributor role on the managed resource group. Does that play any role?
Answer 1
Score: 0
The API server does not authenticate with the nodes; it's the other way around.
Certificates are used for authentication, and there are different ways the traffic flow can be configured. See this page https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/tunnel-connectivity-issues
The enterprise app you're seeing allows AKS to create infrastructure resources such as VM nodes and load balancers as required through scaling requests or new workloads being created.