Quickstart: Create a service connection in an AKS cluster from the Azure portal
In this quickstart, you create a new service connection in an Azure Kubernetes Service (AKS) cluster to connect your AKS resource to other Azure services.
Prerequisites
- An Azure account with an active subscription. Create an account for free.
- An AKS cluster in a region supported by Service Connector. If you don't have one yet, create an AKS cluster.
Sign in to Azure
Sign in to the Azure portal at https://portal.azure.com/ with your Azure account.
Create a new service connection in AKS cluster
To create a new service connection in AKS cluster, select the Search resources, services and docs (G +/) search bar at the top of the Azure portal, type AKS, and select Kubernetes services.
Select the AKS cluster you want to connect to a target resource.
Select Service Connector from the left table of contents. Then select Create.
Select or enter the following settings.
Setting Example Description Kubernetes namespace default The namespace where you need the connection in the cluster. Service type Storage - Blob The target service type. If you don't have a Microsoft Blob Storage, you can create one or use another service type. Connection name my_connection The connection name that identifies the connection between your AKS cluster and target service. Use the connection name provided by Service Connector or choose your own connection name. Subscription My subscription The subscription for your target service (the service you want to connect to). The default value is the subscription for this AKS cluster. Storage account my_storage_account The target storage account you want to connect to. Target service instances to choose from vary according to the selected service type. Client type python The code language or framework you use to connect to the target service. Select Next: Authentication to choose an authentication method.
Select Workload identity to authenticate through Microsoft Entra workload identity to one or more instances of an Azure service. Then select a user-assigned managed identity to enable workload identity.
Select Next: Networking to configure the network access to your target service and select Configure firewall rules to enable access to your target service.
Note
Service Connector for AKS currently only supports the firewall option. Private link and service endpoint aren't supported.
Select Next: Review + Create to review the provided information. Then select Create to create the service connection. This operation may take a minute to complete.
View service connections in AKS cluster
Service Connector displays existing connections in this cluster.
Select Network View to see all the service connections in a network topology view.
Update your container
Now that you created a connection between your AKS cluster and target service, you need to retrieve the connection secrets and deploy them in your container.
In the Azure portal, navigate to your AKS cluster resource and select Service Connector.
Select the newly created connection, and then select YAML snippet. This action opens a panel displaying a sample YAML file generated by Service Connector.
To set the connection secrets as environment variables in your container, you have two options:
Directly create a deployment using the YAML sample code snippet provided. The snippet includes highlighted sections showing the secret object that will be injected as the environment variables. Select Apply to proceed with this method.
Alternatively, under Resource Type, select Kubernetes Workload, and then select an existing Kubernetes workload. This action sets the secret object of your new connection as the environment variables for the selected workload. After selecting the workload, select Apply.
