...
Cloudaware needs access to Azure Key Vault* to check the expiration date of keys and secrets. Set up the access policy for the Cloudaware application (in this guide, cloudaware-api-access) on the Key Vault level.
Log in to the Azure portal. Select Key Vaults.
Select the key vault. Go to 'Access Policies' on the left → +Add Access Policy.
Set up the key vault:
Key permissions: List
Secret permissions: List
Certificate permissions: List
Click Next.
Select principal: cloudaware-api-access. Click Add.
Select the application → Next → Create.
Repeat steps 1-3 for each key vault.
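To confirm that each vault ended up with exactly the List-only policy described above, the following added example (not part of the Cloudaware guide) audits vault definitions in the JSON shape returned by `az keyvault show`. The vault names, the object ID (the service principal's object ID for cloudaware-api-access) and the sample data are constructed placeholders.

```python
import json

# Permissions the guide grants to the Cloudaware application: List only.
EXPECTED = {"keys": {"list"}, "secrets": {"list"}, "certificates": {"list"}}

def audit_vault(vault, object_id):
    """Return findings for one vault; an empty list means the policy matches the guide."""
    name = vault.get("name", "<unnamed>")
    policies = (vault.get("properties") or {}).get("accessPolicies") or []
    mine = [p for p in policies if p.get("objectId") == object_id]
    if not mine:
        return [f"{name}: no access policy for {object_id}"]
    findings = []
    for policy in mine:
        perms = policy.get("permissions") or {}
        # Walk every permission kind present, including ones the guide never grants.
        for kind in sorted(set(EXPECTED) | set(perms)):
            granted = {p.lower() for p in (perms.get(kind) or [])}  # casing varies
            want = EXPECTED.get(kind, set())
            for extra in sorted(granted - want):
                findings.append(f"{name}: excess {kind} permission '{extra}'")
            for missing in sorted(want - granted):
                findings.append(f"{name}: missing {kind} permission '{missing}'")
    return findings

def audit_all(vaults, object_id):
    """Map vault name -> findings for the given principal."""
    return {v["name"]: audit_vault(v, object_id) for v in vaults}

# Constructed sample: placeholder object ID and three hypothetical vaults.
SAMPLE_OBJECT_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE_VAULTS = json.loads("""[
 {"name": "kv-ok", "properties": {"accessPolicies": [
   {"objectId": "00000000-0000-0000-0000-000000000001",
    "permissions": {"keys": ["List"], "secrets": ["List"], "certificates": ["List"]}}]}},
 {"name": "kv-wide", "properties": {"accessPolicies": [
   {"objectId": "00000000-0000-0000-0000-000000000001",
    "permissions": {"keys": ["list"], "secrets": ["Get", "List"],
                    "certificates": ["list"], "storage": []}}]}},
 {"name": "kv-none", "properties": {"accessPolicies": [
   {"objectId": "00000000-0000-0000-0000-000000000002",
    "permissions": {"keys": ["list"], "secrets": ["list"], "certificates": ["list"]}}]}}
]""")

if __name__ == "__main__":
    for vault_name, issues in audit_all(SAMPLE_VAULTS, SAMPLE_OBJECT_ID).items():
        print(vault_name, "OK" if not issues else issues)
```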
...
Log in to Azure. Select Subscriptions.
Select the subscription. Go to 'Access Control (IAM)' on the left. Click +Add → Add role assignment:
a. Under the tab 'Role': in 'Job function roles' select Azure Kubernetes Service Cluster User Role → Next.
b. Under the tab 'Members':
Assign access to: User, group, or service principal
Members: click +Select members → start typing the name of the Azure application created for Cloudaware access (in this guide, cloudaware-api-access) → Select.
Click Review + assign.
To view Azure AKS resources, go to Cloudaware CMDB Navigator. Select MICROSOFT AZURE → COMPUTE → AKS.
Note |
---|
If the AKS cluster is Active Directory-managed, check this guide to set up the cluster role binding and grant the required permissions to Cloudaware. |
...