Yes, it is possible to authenticate with Azure Arc Managed Identity endpoint from a Docker container running on your Azure Arc machine. You can use the same authentication flow as described in the documentation you shared.

To authenticate from a Docker container, you need to ensure that the container has access to the Azure Arc Managed Identity endpoint. You can do this by setting the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` environment variables in the container to the values of the same variables on the host machine.

Once you have set these environment variables, you can make an HTTP GET request to the Azure Arc Managed Identity endpoint from within the container to get an access token for Azure resources. The endpoint URL is `http://localhost:40342/metadata/identity/oauth2/token`.

Here is an example of how you can get an access token from within a Docker container running on an Azure Arc machine:

```bash
# Set the environment variables
export IDENTITY_ENDPOINT="http://localhost:40342"
export IDENTITY_HEADER="X-IDENTITY-HEADER"

# Get the access token
ACCESS_TOKEN=$(curl -H Metadata:true "http://localhost:40342/metadata/identity/oauth2/token?api-version=2019-08-01&resource=https://management.azure.com/" | jq -r '.access_token')
```

This example uses the `curl` command to make an HTTP GET request to the Azure Arc Managed Identity endpoint and the `jq` command to extract the access token from the response.

I hope this helps! Let me know if you have any further questions.
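The following is an added example, not part of the answer above or of Microsoft's code: a sketch of the challenge/response flow from the documentation linked in the question, with a separate exit code for each point where a container can fail. It assumes the first request returns 401 with a `WWW-Authenticate: Basic realm=<file path>` header; the function names are hypothetical and the sample header and path are constructed.

```bash
# Added example; function names and sample data are illustrative assumptions.

# Endpoint and api-version as given in the answer above.
ARC_URL="http://localhost:40342/metadata/identity/oauth2/token"
ARC_API_VERSION="2019-08-01"

# Constructed sample of the 401 response headers (the path is made up).
SAMPLE_401=$(printf 'HTTP/1.1 401 Unauthorized\r\nWww-Authenticate: Basic realm=/var/opt/azcmagent/tokens/example.key\r\nContent-Length: 0\r\n')

# Extract the challenge file path from a block of response headers.
# Header names are matched case-insensitively; CRs and quotes are stripped.
challenge_path_from_headers() {
  printf '%s\n' "$1" | tr -d '\r"' |
    sed -n 's/^[Ww][Ww][Ww]-[Aa]uthenticate:[[:space:]]*Basic realm=//p' |
    head -n 1
}

# Request a token for resource $1. Return codes identify the failing step:
#   2 = endpoint not reachable from this network namespace
#   3 = no challenge header in the response
#   4 = challenge file not readable from here (for example, not mounted)
get_arc_token() {
  arc_url="${ARC_URL}?api-version=${ARC_API_VERSION}&resource=$1"

  # Step 1: unauthenticated request; only the headers are of interest.
  arc_headers=$(curl -s -o /dev/null -D - -H "Metadata: true" "$arc_url") || {
    echo "endpoint unreachable: $ARC_URL" >&2; return 2; }

  # Step 2: the realm names a file holding the one-time challenge secret.
  arc_key_file=$(challenge_path_from_headers "$arc_headers")
  [ -n "$arc_key_file" ] || { echo "no challenge in response" >&2; return 3; }
  [ -r "$arc_key_file" ] || {
    echo "challenge file not readable here: $arc_key_file" >&2; return 4; }

  # Step 3: repeat the request, presenting the file contents as Basic auth.
  curl -s -H "Metadata: true" \
       -H "Authorization: Basic $(cat "$arc_key_file")" "$arc_url" |
    jq -r '.access_token'
}

# Usage on the machine or in the container:
#   get_arc_token "https://management.azure.com/"
```

Running `get_arc_token` on the host and then inside the container shows which step differs between the two environments.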
Authenticating with Azure Arc Managed Identity endpoint from Docker container
Isabella de Leon
0
Reputation points Microsoft Employee
I'm currently able to follow this authentication flow on my Azure Arc enabled machine to get an access token for Azure resources: https://learn.microsoft.com/en-us/azure/azure-arc/servers/managed-identity-authentication
I'd like to follow a similar process from a Docker container running on my Azure Arc machine - however I haven't been able to successfully get a challenge/access token from the container.
Can anyone provide insight on whether this is possible?
1 answer
Alan La Pietra (CSA) 80 Reputation points Microsoft Employee
2024-07-01T08:22:46.2433333+00:00