Microsoft Build 2020: Book of News

Microsoft Build is annual and one of the biggest conference that always brings TONS of updates and announcements across the entire Microsoft technology stack with focus on developer tools, products and Azure cloud platform. The Build 2020 hadn’t been canceled and was transformed to a digital/online event that took place May 19-20.

Key news highlights (my favourite)
Official guide to the key event announcements

Azure Kubernetes: ARM Template and Managed Identity

Managed identity is now available for Azure Kubernetes Service, so there is no longer need to manage your own service principals or rotate credentials often. Just execute “az aks create -g rgname -n clustername –enable-managed-identity” and the cluster is ready to go. The next option is using ARM template to configure AKS. There are multiple examples of ARM templates for deploying Kubernetes in Azure with advanced networking and etc. However, you can’t find any templates that use Managed Identity along with Azure Kubernetes Service. Plus, if you have resources outside of the MC_* resource group (it’s created automatically during the AKS deployment), you need to grant required permissions to cluster Managed Identity (new and recommended) or Service Principal, so AKS will be able to interact with such “external” resources (for example, read/write on subnets and etc.). Here is an example how you can reference the identity using ARM template:

                            "type": "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments",
                            "apiVersion": "2017-05-01",
                            "name": "[concat(variables('vnetName'), '/', variables('vnetSubnetName'),'/Microsoft.Authorization/', guid(resourceGroup().id, 'aksvnetaccesscluster'))]",
                            "properties": {
                                "roleDefinitionId": "[variables('networkContributorRole')]",
                                "principalId": "[reference(resourceId('Microsoft.ContainerService/managedClusters/', parameters('clusterResourceName')), '2020-03-01', 'Full').identity.principalId]",
                                "scope": "[variables('vnetSubnetId')]"
                            }