Quickstart: Create a service connection in an AKS cluster from the Azure portal
In this quickstart, you create a new service connection in an Azure Kubernetes Service (AKS) cluster to connect your AKS resource to other Azure services.
To create a new service connection in an AKS cluster, select the Search resources, services and docs (G +/) search bar at the top of the Azure portal, type AKS, and select Kubernetes services.
Select the AKS cluster you want to connect to a target resource.
Select Service Connector from the left table of contents. Then select Create.
Select or enter the following settings.
| Setting | Example | Description |
|---|---|---|
| Kubernetes namespace | default | The namespace where you need the connection in the cluster. |
| Service type | Storage - Blob | The target service type. If you don't have a Microsoft Blob Storage, you can create one or use another service type. |
| Connection name | my_connection | The connection name that identifies the connection between your AKS cluster and target service. Use the connection name provided by Service Connector or choose your own connection name. |
| Subscription | My subscription | The subscription for your target service (the service you want to connect to). The default value is the subscription for this AKS cluster. |
| Storage account | my_storage_account | The target storage account you want to connect to. Target service instances to choose from vary according to the selected service type. |
| Client type | python | The code language or framework you use to connect to the target service. |
Select Next: Authentication to choose an authentication method.
Select Workload identity to authenticate through Microsoft Entra workload identity to one or more instances of an Azure service. Then select a user-assigned managed identity to enable workload identity.
Select Service principal to use a service principal that defines the access policy and permissions for the user/application.
Warning: Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
Select Connection string to generate or configure one or multiple key-value pairs with pure secrets or tokens.
Select Next: Networking to configure the network access to your target service and select Configure firewall rules to enable access to your target service.
Note: Service Connector for AKS currently only supports the firewall option. Private link and service endpoint aren't supported.
Select Next: Review + Create to review the provided information. Then select Create to create the service connection. This operation may take a minute to complete.
View service connections in AKS cluster
Service Connector displays existing connections in this cluster.
Select Network View to see all the service connections in a network topology view.
Update your container
Now that you've created a connection between your AKS cluster and target service, you need to retrieve the connection secrets and deploy them in your container.
In the Azure portal, navigate to your AKS cluster resource and select Service Connector.
Select the newly created connection, and then select YAML snippet. This action opens a panel displaying a sample YAML file generated by Service Connector.
To set the connection secrets as environment variables in your container, you have two options:
Directly create a deployment using the YAML sample code snippet provided. The snippet includes highlighted sections showing the secret object that will be injected as the environment variables. Select Apply to proceed with this method.
Alternatively, under Resource Type, select Kubernetes Workload, and then select an existing Kubernetes workload. This action sets the secret object of your new connection as the environment variables for the selected workload. After selecting the workload, select Apply.
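As an added example (not part of the original quickstart), the following startup check for the python client type reports which of the three authentication methods above the injected environment variables correspond to, and flags secret material in the pod environment. The AZURE_STORAGEBLOB_* variable names are assumptions to confirm against the YAML snippet for your connection; AZURE_FEDERATED_TOKEN_FILE is the variable the workload identity webhook sets on opted-in pods.

```python
import os
import re

PREFIX = "AZURE_STORAGEBLOB_"  # assumed prefix; confirm in the YAML snippet

# Key material that a storage connection string can carry.
_SECRET_PARTS = re.compile(r"(?:^|;)\s*(AccountKey|SharedAccessSignature)\s*=", re.I)


def classify_connection(env):
    """Return (auth_mode, findings) for the variables a pod received."""
    get = lambda name: (env.get(PREFIX + name) or "").strip()
    findings = []
    conn, secret = get("CONNECTIONSTRING"), get("CLIENTSECRET")
    endpoint, client_id = get("RESOURCEENDPOINT"), get("CLIENTID")

    if conn:
        mode = "connection-string"
        m = _SECRET_PARTS.search(conn)
        if m:
            findings.append(f"connection string embeds {m.group(1)}")
    elif secret:
        mode = "service-principal"
        findings.append("client secret present in pod environment")
    elif endpoint and client_id:
        mode = "workload-identity"
        # Without the projected token the pod cannot use workload identity.
        if not env.get("AZURE_FEDERATED_TOKEN_FILE"):
            findings.append("no federated token file; pod is not using workload identity")
    else:
        mode = "unknown"
        findings.append("no Service Connector variables found")

    if endpoint and not endpoint.lower().startswith("https://"):
        findings.append("resource endpoint is not https")
    return mode, findings


if __name__ == "__main__":
    mode, findings = classify_connection(os.environ)
    print(f"auth mode: {mode}")
    for finding in findings:
        print(f"finding: {finding}")
    raise SystemExit(1 if findings else 0)
```

Run it as the container's first step or from an init container; a non-zero exit means the pod received a long-lived secret or is missing the workload identity token.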