Azure Guard Integration allows users of Azure Kubernetes Engine clusters to use Azure Active Directory to provide user identities in the Kubernetes cluster.

This chart will do the following:
- Install the guard service in the Kubernetes cluster
- Create a key vault in the specified resource group
- Upload the authentication and authorization files to the key vault
- Run a DaemonSet on all masters to enable webhook authentication and authorization
## Usage

```console
$ helm repo add azure-guard https://deaborch.github.io/aks-engine-guard-integration
$ helm repo update
$ helm install <deployment-name> azure-guard \
    --set tenantId=<TENANT_ID> \
    --set subscriptionId=<SUBSCRIPTION_ID> \
    --set resourceGroup=<RESOURCE_GROUP> \
    --set location=<LOCATION> \
    --set connectedCluster=<CONNECTED_CLUSTER> \
    --set clientId=<CLIENT_ID> \
    --set clientSecret=<CLIENT_SECRET> \
    --set keyvaultName=<KEYVAULT_NAME>
```

Note: this Helm chart assumes the following:
- Cluster is created with AKS engine
- Cluster has access to the internet
- Cluster is connected with Azure Arc. Find more information about this here

The following table lists the configurable parameters of the Azure-guard chart and their default values.

| Parameter | Description | Default |
|---|---|---|
| `tenantId` | Required Azure tenant id | `null` |
| `subscriptionId` | Required Azure connected cluster subscription id | `null` |
| `resourceGroup` | Required Azure connected cluster resource group name | `null` |
| `connectedCluster` | Required Azure connected cluster subscription id | `null` |
| `location` | Required Azure resource group location | `null` |
| `clientId` | Required Azure connected cluster client id | `null` |
| `clientSecret` | Required Azure connected cluster client secret | `null` |
| `keyvaultName` | Required Azure keyvault name | `null` |
| `jobImage` | | `"delanyo32/guard-onboarding:latest"` |
| `demonsetImage` | | `"delanyo32/master-config:latest"` |
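
The install command under Usage passes `clientSecret` with `--set`, which leaves it in shell history and in the process list while Helm runs. As an added example (not part of the chart or its documentation), the function below writes the required parameters from the table into an owner-only values file for `helm install -f`; holding each value in a shell variable named after its key is this example's assumption.

```shell
#!/bin/sh
# Added example, not part of the chart.
# Required keys, as listed in the chart's parameter table.
REQUIRED_KEYS="tenantId subscriptionId resourceGroup location connectedCluster clientId clientSecret keyvaultName"

# write_guard_values FILE
# Assumption of this example: each key is held in a shell variable of the
# same name. The body runs in a subshell, so "exit" only ends the function.
write_guard_values() (
  out=$1
  # Refuse to write anything if a required value is missing.
  for key in $REQUIRED_KEYS; do
    eval "val=\${$key:-}"
    if [ -z "$val" ]; then
      echo "missing required value: $key" >&2
      exit 1
    fi
  done
  umask 077            # a new file is created owner-only
  : > "$out"
  chmod 600 "$out"     # also tighten a pre-existing file before writing
  for key in $REQUIRED_KEYS; do
    eval "val=\${$key:-}"
    # YAML single-quoted scalar: double any embedded single quote.
    esc=$(printf '%s' "$val" | sed "s/'/''/g")
    printf "%s: '%s'\n" "$key" "$esc" >> "$out"
  done
)

# Typical use (interactive shell):
#   stty -echo; printf 'client secret: '; read -r clientSecret; stty echo; echo
#   tenantId=... subscriptionId=...   # remaining keys set the same way
#   write_guard_values ./guard-values.yaml
#   helm install <deployment-name> azure-guard -f ./guard-values.yaml
#   rm -f ./guard-values.yaml
```
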
Documentation generated by Frigate.