Skip to main content
Version: 3.1

shared-aks-aad-authentication

For running disaster recovery (DR) scenarios with Stork, you need to create a unidirectional or bidirectional ClusterPair with the ability to automatically authenticate Stork. When using an Azure Active Directory (AAD) enabled Azure Kubernetes Service (AKS) cluster, the kubelogin tool enables automatic login using a service principal.

This page provides instructions on creating a Kubernetes secret using the service principal ID and secret, and then passing it to the Stork spec. This process will automatically authenticate Stork when creating a ClusterPair object during DR setup.

Prerequisites

Create a non-interactive authentication

Once you have configured your kubeconfig to use a service principal for authentication instead of the default device code flow, follow the below steps to pass the service principal ID and secret as Stork environment variables to your source and destination clusters.

  1. Edit your source and destination StorageCluster to pass your service principal ID and secret as Stork environment variables. This will be used by Stork to authenticate with the AKS cluster:

    stork:
    env:
    - name: AAD_SERVICE_PRINCIPAL_CLIENT_ID
    valueFrom:
    secretKeyRef:
    key: AAD_SERVICE_PRINCIPAL_CLIENT_ID
    name: px-azure-kube-access
    - name: AAD_SERVICE_PRINCIPAL_CLIENT_SECRET
    valueFrom:
    secretKeyRef:
    key: AAD_SERVICE_PRINCIPAL_CLIENT_SECRET
    name: px-azure-kube-access