Connect Azure keyvault and container registry to on-prem kubernetes cluster
Good morning.
I'm trying to connect a kubernetes cluster running on-prem in our DC with Azure's key vault and container registry.
I cannot find any exhaustive documentation on how to do that (everything revolves around AKS).
Is it possible to achieve what I'm after?
2 answers
srbhatta-MSFT 8,546 Reputation points Microsoft Employee
2022-04-22T13:17:40.583+00:00
@Andrea Florio, this should be possible if you are able to create a cloud identity for your k8s cluster on-prem as well.
The links below can be helpful to implement the same.
ACR => https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli
KV => https://github.com/Azure/secrets-store-csi-driver-provider-azure
Bruno Lucas 4,411 Reputation points MVP
2022-05-05T05:30:34.057+00:00
Hi @Andrea Florio,
I'm also looking into doing something like that. I have not tried this yet, but this may be able to help you a little more:
Is your on-prem synched with Azure AD?
I believe you may need to do something like this: https://learn.microsoft.com/en-us/answers/questions/523856/how-to-use-vms-with-azuread.html
That will depend on the VM/Server OS. Is your k8s running on Linux? https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-linux-vm-access-arm
Once the identity is installed you should be able to see it when creating a Vault Policy. In case it becomes too hard, you can drop that approach and try to use an Azure Service Principal:
https://dev.to/azure/azure-tip-how-to-get-your-kubernetes-cluster-service-principal-and-use-it-to-access-other-azure-services-2735
Once you have k8s with a Service Principal, you just need to create a vault policy for the service principal.
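The service-principal route both answers point at, as an added example that is not from either answerer or from Microsoft's docs: a SecretProviderClass for the Secrets Store CSI driver's Azure provider plus a pod spec that pulls from ACR and mounts a Key Vault secret, with the service principal scoped to AcrPull and "get" on secrets only. The secret names `secrets-store-creds` and `acr-pull`, the vault object `db-password` and every angle-bracket value are placeholders I chose, not identifiers from the thread.

```yaml
# Added example (not from the thread): on-prem pod pulling its image from ACR
# and mounting a Key Vault secret through the Secrets Store CSI driver's Azure
# provider, using a service principal since no managed identity exists off-Azure.
# Assumed: the SP holds only AcrPull on the registry plus a vault access policy
# limited to "get" on secrets, and its credentials were stored beforehand with:
#   kubectl create secret generic secrets-store-creds \
#     --from-literal clientid=<APP_ID> --from-literal clientsecret=<SECRET>
#   kubectl label secret secrets-store-creds secrets-store.csi.k8s.io/used=true
#   kubectl create secret docker-registry acr-pull --docker-server=<REGISTRY>.azurecr.io \
#     --docker-username=<APP_ID> --docker-password=<SECRET>
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kv-onprem
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"        # no AAD pod identity on-prem
    useVMManagedIdentity: "false"  # no VM managed identity on-prem
    keyvaultName: "<KEYVAULT_NAME>"
    tenantId: "<TENANT_ID>"
    objects: |
      array:
        - |
          objectName: db-password   # secret name inside the vault
          objectType: secret
---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  imagePullSecrets:
    - name: acr-pull               # SP credentials for the registry
  containers:
    - name: app
      image: <REGISTRY>.azurecr.io/app:1.0
      volumeMounts:
        - name: secrets-store
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-kv-onprem
        nodePublishSecretRef:
          name: secrets-store-creds  # SP credentials for Key Vault
```

If the mount stays empty, `kubectl describe pod app` and the csi-secrets-store provider logs show whether the failure is the SP's vault policy or the registry pull, so the two permissions can be checked separately.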