Configure OPC UA user authentication options for Azure IoT OPC UA Broker Preview to use
Important
Azure IoT Operations Preview – enabled by Azure Arc is currently in PREVIEW. You shouldn't use this preview software in production environments.
See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
In this article, you learn how to configure OPC UA user authentication options. These options provide more control over how OPC UA Broker Preview authenticates with OPC UA servers in your environment.
To learn more, see OPC UA applications - user authentication.
Prerequisites
A deployed instance of Azure IoT Operations Preview. To deploy Azure IoT Operations for demonstration and exploration purposes, see Quickstart: Deploy Azure IoT Operations – to an Arc-enabled Kubernetes cluster.
Features supported
Feature | Supported |
---|---|
OPC UA user authentication with username and password. | ✅ |
OPC UA user authentication with an X.509 user certificate. | ❌ |
Configure username and password authentication
First, configure the secrets for the username and password in Azure Key Vault and project them into the connected cluster by using a SecretProviderClass object.
Configure the username and password in Azure Key Vault. In the following example, use `username` and `password` as the secret references for the asset endpoint configuration in the Azure IoT Operations (preview) portal. Replace the placeholders for username and password with the credentials used to connect to the OPC UA server.

To configure the username and password, run the following code:

```bash
# Create username Secret in Azure Key Vault
az keyvault secret set \
  --name "username" \
  --vault-name "<your-azure-key-vault-name>" \
  --value "<your-opc-ua-server-username>" \
  --content-type "text/plain"

# Create password Secret in Azure Key Vault
az keyvault secret set \
  --name "password" \
  --vault-name "<your-azure-key-vault-name>" \
  --value "<your-opc-ua-server-password>" \
  --content-type "text/plain"
```
Configure the `aio-opc-ua-broker-user-authentication` custom resource in the cluster. Use a Kubernetes client such as `kubectl` to configure the `username` and `password` secrets in the `SecretProviderClass` object array in the cluster. The following example shows a complete `SecretProviderClass` custom resource after you add the secrets:

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: aio-opc-ua-broker-user-authentication
  namespace: azure-iot-operations
spec:
  provider: azure
  parameters:
    usePodIdentity: 'false'
    keyvaultName: <azure-key-vault-name>
    tenantId: <azure-tenant-id>
    objects: |
      array:
        - |
          objectName: username
          objectType: secret
          objectVersion: ""
        - |
          objectName: password
          objectType: secret
          objectVersion: ""
```
Note
The time it takes to project Azure Key Vault certificates into the cluster depends on the configured polling interval.
In the Azure IoT Operations (preview) portal, select the Username & password option when you configure the Asset endpoint. Enter the names of the references that store the username and password values. In this example, the names of the references are `username` and `password`.