How do I obtain credentials in an AKS environment using a managed identity?
I have a Node (NestJS) application deployed in AKS; the clusters were created using the kubenet network. The Node application needs to access the SQL DB. We have configured managed identities, so it will be a user-managed identity.
To create the connection I'm using a token-based approach, where I get the credentials using the https://www.npmjs.com/package/@azure/identity package (using DefaultAzureCredential locally and ManagedIdentityCredential on the server), and with those credentials I get the token, which is then used to create the DB connection. Locally it worked fine, using DefaultAzureCredential and the az CLI with a user logged in.
But on AKS it throws an error saying no managed identity was found (when ManagedIdentityCredential is used). Why is that? Please help me get to a solution; it has become a huge blocker.
Comments (1)
Have you checked if the AAD identity is created?
If not, add it on the cluster. There should be pods in a namespace which control the traffic flow to Microsoft AAD, i.e. Node Managed Identity (NMI), and `describe node` reveals the pods on the node which intercept the calls.
Check out the docs.
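An added example (not the poster's or the answerer's code) of the token-based approach described in the question: it picks the credential per environment, passes the user-assigned identity's client ID to ManagedIdentityCredential (a user-assigned identity is not discovered without it), requests a token for the Azure SQL scope and turns it into a driver config. It assumes the `@azure/identity` and `mssql` packages, that the client ID arrives in a constructed `AZURE_CLIENT_ID` variable, and that NMI, as the answer describes, is intercepting the pod's token calls.

```javascript
// Scope for Azure SQL access tokens.
const SQL_SCOPE = 'https://database.windows.net/.default';

// Decide which credential to build from the environment. On AKS a user-assigned
// identity must be named by client ID, otherwise ManagedIdentityCredential
// cannot find it; locally DefaultAzureCredential falls back to the az CLI login.
function chooseCredential(env) {
  const onCluster = Boolean(env.KUBERNETES_SERVICE_HOST);
  if (onCluster) {
    if (!env.AZURE_CLIENT_ID) {
      throw new Error('AZURE_CLIENT_ID (user-assigned identity client ID) is required on AKS');
    }
    return { type: 'ManagedIdentityCredential', clientId: env.AZURE_CLIENT_ID };
  }
  return { type: 'DefaultAzureCredential', clientId: env.AZURE_CLIENT_ID || null };
}

// Build the SDK credential for a choice. The SDK is loaded lazily so the
// selection logic above can be exercised without Azure being reachable.
function buildCredential(choice) {
  const identity = require('@azure/identity');
  return choice.type === 'ManagedIdentityCredential'
    ? new identity.ManagedIdentityCredential(choice.clientId)
    : new identity.DefaultAzureCredential({ managedIdentityClientId: choice.clientId || undefined });
}

// Turn an AccessToken ({ token, expiresOnTimestamp }) into an mssql config.
// Tokens within the safety margin of expiry are refused so a new connection
// never starts on a nearly dead token. The token itself is never logged.
function sqlConfigFromToken(accessToken, server, database, nowMs = Date.now()) {
  const marginMs = 5 * 60 * 1000;
  if (!accessToken || accessToken.expiresOnTimestamp - nowMs < marginMs) {
    throw new Error('access token missing or about to expire; fetch a new one');
  }
  return {
    server,
    database,
    authentication: { type: 'azure-active-directory-access-token', options: { token: accessToken.token } },
    options: { encrypt: true },
  };
}

// End-to-end path used by the application: credential -> token -> pool.
async function connect(env, server, database) {
  const credential = buildCredential(chooseCredential(env));
  const token = await credential.getToken(SQL_SCOPE);
  return require('mssql').connect(sqlConfigFromToken(token, server, database));
}
```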