Managed identity is now available for Azure Kubernetes Service, so there is no longer any need to manage your own service principals or rotate their credentials. Just execute "az aks create -g rgname -n clustername --enable-managed-identity" and the cluster is ready to go. The other option is to configure AKS with an ARM template. There are multiple examples of ARM templates for deploying Kubernetes in Azure with advanced networking and so on. However, you can't find any templates that use Managed Identity along with Azure Kubernetes Service.

In addition, if you have resources outside of the MC_* resource group (it's created automatically during the AKS deployment), you need to grant the required permissions to the cluster's Managed Identity (new and recommended) or Service Principal, so that AKS is able to interact with such "external" resources (for example, read/write on subnets). Here is an example of how you can reference the identity in an ARM template:
"name": "[concat(variables('vnetName'), '/', variables('vnetSubnetName'),'/Microsoft.Authorization/', guid(resourceGroup().id, 'aksvnetaccesscluster'))]",
"principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters/', parameters('clusterResourceName')), '2020-03-01', 'Full').identity.principalId]",
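For context, the two properties above belong to a role assignment resource. The following complete resource is an added example, not the original template: the Network Contributor role (built-in role ID 4d97b98b-1d4f-4787-a291-c67834d212e7), the API version of the role assignment, and the presence of the virtual network in the deployment's resource group are assumptions.

```json
{
  "type": "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments",
  "apiVersion": "2018-09-01-preview",
  "name": "[concat(variables('vnetName'), '/', variables('vnetSubnetName'),'/Microsoft.Authorization/', guid(resourceGroup().id, 'aksvnetaccesscluster'))]",
  "comments": "Added example. Assumes the vnet lives in the deployment's resource group and that Network Contributor is the role the cluster needs on the subnet.",
  "dependsOn": [
    "[resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterResourceName'))]"
  ],
  "properties": {
    "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
    "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters/', parameters('clusterResourceName')), '2020-03-01', 'Full').identity.principalId]",
    "principalType": "ServicePrincipal"
  }
}
```

Because the resource name is nested under the subnet, the assignment applies to that subnet only, which keeps the cluster identity away from the rest of the virtual network and resource group. Setting principalType avoids deployment failures when the newly created identity has not yet replicated in Azure AD.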
Today I have finished my Azure certification path by successfully passing the AZ-400: Microsoft Azure DevOps Solutions exam. This exam measures your ability to accomplish the following technical tasks: design a DevOps strategy, implement DevOps development processes, implement continuous integration, continuous delivery, dependency management, application infrastructure, and continuous feedback.
The exam consists of 2 case studies, 12 lab tasks, and 42 test questions that must be answered in 180 minutes. I had two lab tasks that couldn't be finished because of Azure environment issues (the exam's account didn't have the required permissions on Azure resources to complete certain sub-tasks). Fortunately, I was pretty sure of the overall result and, after speaking with the proctor, decided to jump to the next exam sections.
How to prepare
- You must earn either the Azure Administrator Associate or the Azure Developer Associate certification.
- You must have an active Azure DevOps account. At a minimum, Azure Pipelines and Azure Repos are needed.
- Check out the free Azure/DevOps training courses (AZ-400 OpenEDX, which is based on the MCT training guides, and AzureDevOps Labs). In addition, there are a lot of videos on Pluralsight for getting started with Azure DevOps and understanding DevOps principles.
- The labs are all about Azure services (IaaS/PaaS/IaC), so you must know how to prepare environments for CD, the environment types and the differences between them, how to write IaC, the security options for each Azure resource, and CI/CD. Also, I was pretty surprised to see lab tasks that had to be completed on the localhost file system before pushing the code to Azure.
- The certification is valid for only 2 years, so keep learning and practicing every day! I wish you good luck on the exam, and may the force be with you.