question

roy-6851 asked ·

create aks k8s network policy for ingress and egress to allow aad-pod-identity from/to pod

azure-virtual-machines

1 Answer

jakaruna-MSFT answered ·

You have 2 asks in your question. Let's see them one by one.

Setting up network policy:

You need to create a cluster with network policy enabled. You can do this only while creating. Once created, you can't add or change the network policy.

You can choose from two network policies: Azure (Azure-provided) or Calico (open source).

Azure network policy supports Azure CNI (you need to choose Advanced networking while creating the cluster).

Calico supports both kubenet and Azure CNI.

This document will help you to deploy a cluster with network policy and create rules and test them. The same document also explains the difference between Azure and calico networking policy.


AAD pod identity:

This is an open-source project which helps us to give permissions (assign identities) to pods. Pods can then access other Azure resources without passwords.

aad-pod-identity is a production-ready open-source project. The link to the official documentation is here.

Also NOTE that Azure technical support won't support issues on AAD pod identity because that's considered an open-source project and only community support is available.

Try that out and let me know

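As an added example (not part of the original thread, and not code from the aad-pod-identity project), here is a NetworkPolicy that keeps an application pod locked down while still letting aad-pod-identity work. aad-pod-identity's NMI component intercepts the pod's calls to the Azure Instance Metadata Service (IMDS) at 169.254.169.254 on port 80, so with egress restricted that destination must stay reachable; neither NMI nor MIC opens connections *into* the application pod, so the ingress rule below is only for the app's own clients. The namespace names, pod labels, port 8080 and the `ingress` namespace are assumptions for the example; the `kubernetes.io/metadata.name` namespace label is set automatically on Kubernetes 1.21+ and the `k8s-app: kube-dns` label is what AKS uses for CoreDNS.

```yaml
# Added example, not from the original thread.
# Assumptions: namespace "app" holds pods labelled app=api that carry an
# aadpodidbinding label; the cluster was created with a network policy
# engine (az aks create ... --network-plugin azure --network-policy azure,
# or --network-policy calico); CoreDNS runs in kube-system with k8s-app=kube-dns.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-pod-identity
  namespace: app
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only the (assumed) "ingress" namespace may reach the app on 8080.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # DNS: needed for the app to resolve Azure endpoints after it has a token.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # IMDS endpoint: aad-pod-identity's NMI intercepts token requests sent here.
    # Without this rule a default-deny egress policy breaks identity lookups.
    - to:
        - ipBlock:
            cidr: 169.254.169.254/32
      ports:
        - protocol: TCP
          port: 80
    # Add further egress rules (e.g. to Key Vault / Storage endpoints) per app.
```

Apply it with `kubectl apply -f` and confirm from inside a matching pod that `curl -s -H Metadata:true "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"` still returns a token while other egress is refused; because the policy is deny-by-default for everything not listed, each additional Azure endpoint the app calls must be added as its own egress rule, which is the least-privilege posture the question is reaching for.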