Azure Kubernetes Service (AKS)

Learn how to connect your Azure Kubernetes Service (AKS) resources to Sedai agentlessly.
We recommend connecting AKS clusters with Sedai's Smart Agent.
In order to add your AKS cluster to Sedai agentlessly, you will need the following details:
  • Cluster Name
  • Cluster URL
  • Server ID
  • Tenant ID
  • Region
  • Certifying Authority Certificate
Additionally, you will need to provide Azure credentials within Sedai. You can connect with either of the following:
  • Recommended: Azure Client Credentials (Client ID and Secret)
  • Client Certificate (Client Certificate Key and Data)
AKS uses Azure Active Directory (AD) for authentication and Kubernetes Role-Based Access Control (RBAC) / Azure RBAC for authorization.
To access the above information and grant Sedai programmatic access, complete the following steps:

Create Azure Active Directory Group

You can skip this step if you already have an Azure AD group with Cluster-User level access on your AKS cluster.
1. Log in to your Azure CLI and create a new Azure AD group (you can name this whatever you like):
az ad group create --display-name AKSGroup --mail-nickname AKSGroup
2. Get the AD Group ID (this is needed to create/update your AKS cluster):
az ad group show --group AKSGroup --query id -o tsv
3. Create an Azure resource group (you can skip this step if you have an existing cluster):
Enter the region of your choice, just ensure your desired node size for the cluster is available in your selected region.
az group create --name AKS --location southindia

Enable access for AD Group Users

Create / Update AKS Cluster to enable access for the AD Group:
az aks create --resource-group AKS \
--name AKSCluster \
--enable-aad \
--aad-admin-group-object-ids 24a2a1e7-75aa-433b-b704-e03ff445fddf \
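--node-vm-size Standard_D2 \
--node-count 1
Replace the value of --aad-admin-group-object-ids with the AD Group ID returned in step 2 above. This command includes only a few options, but you can add more — reference az aks create for more options.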

Provide Cluster-User level access to AD Group

Run the following commands to assign AKS Cluster-User Role to the AD Group:
AKS_CLUSTER=$(az aks show --resource-group AKS --name AKSCluster --query id -o tsv)
ACCOUNT_ID=$(az ad group show --group AKSGroup --query id -o tsv)
az role assignment create --assignee "$ACCOUNT_ID" --scope "$AKS_CLUSTER" --role "Azure Kubernetes Service Cluster User Role"
Learn more about AKS built-in roles:

Create app registration and client secret

So that Sedai can interact with Azure as well as your AKS cluster, create an app registration in Azure AD. When you create an app registration, Azure also creates a Service Principal, which also needs to be linked to the AD Group.
  • Copy the Client ID and Tenant ID (these will be used to connect Sedai to your cluster within the platform).
  • Add a client secret for the app registration with a validity of your choice (you can update the client secret in Sedai if your current one expires).
  • Copy the secret (this will be used as the client secret).
Navigate to the Azure AD page and select the AD Group. Select Add members and search for the app registration name.
In order to connect your AKS cluster within Sedai, you will also need to fetch details from the kubeconfig file. Run the following command from the Azure CLI:
az aks get-credentials --resource-group AKS --name AKSCluster
Open the ~/.kube/config file and look for the following:
  • apiserver-id
  • certificate-authority-data
  • server
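
The three values can be read out of the kubeconfig without copying the rest of the file, which also holds user credential entries. This is an added example, not part of the original page or Sedai's tooling; it assumes the fields appear as plain `key: value` lines, and the helper names (`kubeconfig_field`, `ca_is_pem`, `write_sample`) and all sample values are constructed.

```shell
# Added example, not Sedai's code. All sample values below are constructed.
# kubeconfig_field FILE KEY: print the first value found for "KEY: value".
kubeconfig_field() {
    awk -v key="$2" '
    {
        line = $0
        sub(/^[ \t-]+/, "", line)                 # drop indentation and list dash
        if (index(line, key ":") == 1) {          # exact key, so "server" != "server-id"
            val = substr(line, length(key) + 2)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", val)  # trim blanks and quotes
            print val
            exit
        }
    }' "$1"
}

# ca_is_pem FILE: succeed only if certificate-authority-data is base64 of a PEM cert.
ca_is_pem() {
    kubeconfig_field "$1" certificate-authority-data | base64 -d 2>/dev/null |
        head -n 1 | grep -q '^-----BEGIN CERTIFICATE-----'
}

# write_sample FILE: constructed kubeconfig in the layout this example assumes.
write_sample() {
    ca=$(printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
        '-----END CERTIFICATE-----' | base64 | tr -d '\n')
    cat > "$1" <<EOF
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: $ca
    server: https://akscluster-sample.example.invalid:443
users:
- name: clusterUser_AKS_AKSCluster
  user:
    auth-provider:
      config:
        apiserver-id: 00000000-0000-0000-0000-000000000001
      name: azure
EOF
}

sample=$(mktemp)
write_sample "$sample"
for key in apiserver-id certificate-authority-data server; do
    printf '%s: %s\n' "$key" "$(kubeconfig_field "$sample" "$key")"
done
ca_is_pem "$sample" && echo "CA data decodes to a PEM certificate"
rm -f "$sample"
```

To use it on a real file, call `kubeconfig_field ~/.kube/config server` (and likewise for the other two keys) after running az aks get-credentials.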