...

Cloudaware needs access to Azure Key Vault* to check the expiration date of keys and secrets. Set up the access policy for the Cloudaware application (in this guide, cloudaware-api-access) on the Key Vault level.

 

  1. Log in to the Azure portal. Select Key Vaults.

  2. Select the key vault. Go to 'Access Policies' on the left → +Add Access Policy.

  3. Set up the key vault:
    Key permissions: List
    Secret permissions: List
    Certificate permissions: List
    Click Next.

    Select principal: cloudaware-api-access
    Click Add.
    Select the application → Next → Create.

  4. Repeat steps 1-3 for each key vault.
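
A check for step 4, added here as an example and not part of the Cloudaware guide: it reads vault definitions in the JSON shape returned by `az keyvault show` and reports every vault where the application's access policy is missing, lacks List, or grants more than List. The object ID and vault names are constructed sample values, and the script assumes the policy is keyed by the object ID of the cloudaware-api-access service principal.

```python
import json

# Permissions the guide grants: List on keys, secrets and certificates, nothing else.
EXPECTED = {"keys": {"list"}, "secrets": {"list"}, "certificates": {"list"}, "storage": set()}

def audit_vault(vault, object_id):
    """Return findings for one vault (JSON shape of `az keyvault show`)."""
    name = vault.get("name", "<unnamed>")
    props = vault.get("properties") or {}
    if props.get("enableRbacAuthorization"):
        # With the Azure RBAC permission model, access policies are not evaluated.
        return [f"{name}: RBAC permission model, access policy not evaluated"]
    policies = [p for p in props.get("accessPolicies") or []
                if (p.get("objectId") or "").lower() == object_id.lower()]
    if not policies:
        return [f"{name}: no access policy for {object_id}"]
    findings = []
    for policy in policies:
        perms = policy.get("permissions") or {}
        for kind, expected in EXPECTED.items():
            # The API may return "List" or "list"; compare case-insensitively.
            granted = {p.lower() for p in perms.get(kind) or []}
            if expected - granted:
                findings.append(f"{name}: {kind} missing {sorted(expected - granted)}")
            if granted - expected:
                findings.append(f"{name}: {kind} grants extra {sorted(granted - expected)}")
    return findings

# Constructed sample data: the object ID and vault names are placeholders.
APP_OBJECT_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE = json.loads("""[
 {"name": "kv-ok", "properties": {"accessPolicies": [{"objectId": "00000000-0000-0000-0000-000000000001",
   "permissions": {"keys": ["List"], "secrets": ["List"], "certificates": ["List"]}}]}},
 {"name": "kv-wide", "properties": {"accessPolicies": [{"objectId": "00000000-0000-0000-0000-000000000001",
   "permissions": {"keys": ["list"], "secrets": ["get", "list"], "certificates": []}}]}},
 {"name": "kv-none", "properties": {"accessPolicies": []}},
 {"name": "kv-rbac", "properties": {"enableRbacAuthorization": true, "accessPolicies": []}}
]""")

def audit_all(vaults, object_id):
    """Map vault name -> findings; an empty list means the policy matches the guide."""
    return {v.get("name"): audit_vault(v, object_id) for v in vaults}

if __name__ == "__main__":
    for vault_name, findings in audit_all(SAMPLE, APP_OBJECT_ID).items():
        print(vault_name, "OK" if not findings else findings)
```

To run it against real data, collect the `az keyvault show` output for each vault into one JSON array and pass it to `audit_all` in place of `SAMPLE`.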

...

  1. Log in to Azure. Select Subscriptions.

  2. Select the subscription. Go to 'Access Control (IAM)' on the left. Click +Add → Add role assignment:

    a. Under the tab 'Role': in 'Job function roles' select Azure Kubernetes Service Cluster User Role → Next.

    b. Under the tab 'Members':
    Assign access to: User, group, or service principal
    Members: click +Select members → start typing the name of the Azure application created for Cloudaware access (in this guide, cloudaware-api-access) → Select.

    Click Review + assign.

  3. To view Azure AKS resources, go to Cloudaware CMDB Navigator. Select MICROSOFT AZURE → COMPUTE → AKS.


Note

If the AKS cluster is Active Directory-managed, check this guide to set up the cluster role binding and grant the required permissions to Cloudaware.

...