Connect to Microsoft Azure
Integrate Kubiya with Azure using service principals or runner-level authentication.
Connect to Microsoft Azure
Integrate Kubiya with Microsoft Azure to allow agents to manage resources and services within your Azure subscriptions.
Authentication Methods
Kubiya supports multiple methods for authenticating agents with Azure:
-
Kubiya Secret (Service Principal Credentials): Store Azure Service Principal credentials (Client ID, Client Secret, Tenant ID) as Kubiya Secrets. Tools must be configured to read these secrets from environment variables (e.g.,
AZURE_CLIENT_ID,AZURE_CLIENT_SECRET,AZURE_TENANT_ID). -
Runner Service Account (Workload Identity): If your Kubiya runner is hosted within Azure (e.g., AKS), configure Workload Identity Federation to associate a Kubernetes service account with an Azure AD application / Managed Identity. Tools executed by the runner can then authenticate using the ambient credentials provided by the environment.
Using Runner Service Account / Workload Identity Federation is generally recommended for improved security as it avoids handling long-lived client secrets.
Configuration Steps (Placeholder)
Instructions on how to configure each method will be added here.
- Using Kubiya Secret:
- Create Azure AD Application and Service Principal.
- Generate Client Secret.
- Create Kubiya Secrets for Client ID, Secret, and Tenant ID.
- Configure tools/agents to use the secrets.
- Using Runner Service Account:
- Configure Workload Identity Federation in Azure AD/AKS.
- Ensure runner pods use the correct Kubernetes service account.
- Tools automatically authenticate using the environment (e.g., using Azure SDKs that support managed identity).
Assigning to Agents
Once configured, ensure the relevant tools or agents are set up to use the chosen Azure authentication mechanism.