Training
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
The Azure Arc-enabled Kubernetes cluster connect feature provides connectivity to the apiserver
of the cluster without requiring any inbound port to be enabled on the firewall. A reverse proxy agent running on the cluster can securely start a session with the Azure Arc service in an outbound manner.
Cluster connect allows developers to access their clusters from anywhere for interactive development and debugging. It also lets cluster users and administrators access or manage their clusters from anywhere. You can even use hosted agents/runners of Azure Pipelines, GitHub Actions, or any other hosted CI/CD service to deploy applications to on-premises clusters, without requiring self-hosted agents.
On the cluster side, a reverse proxy agent called clusterconnect-agent
, deployed as part of the agent Helm chart, makes outbound calls to the Azure Arc service to establish the session.
When the user calls az connectedk8s proxy
:
kubeconfig
file associated with the Azure Arc-enabled Kubernetes cluster on which the az connectedk8s proxy
is invoked.
kubeconfig
file, saved on the machine by the Azure Arc proxy, points the server URL to an endpoint on the Azure Arc proxy process.When a user sends a request using this kubeconfig
file:
clusterconnect-agent
running on the cluster.clusterconnect-agent
passes on the request to the kube-aad-proxy
component, which performs Microsoft Entra authentication on the calling entity.kube-aad-proxy
uses Kubernetes user impersonation to forward the request to the cluster's apiserver
.Training
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.