Azure AAD pod identity with Azure event hub


I have a requirement to use the Managed Identity mechanism to access Event Hub from a Spark streaming application running in Kubernetes. I am going through Azure AAD pod managed identity to connect to Azure Event Hub and didn't find any doc regarding Event Hub.

  1. Does Azure AAD pod identity support accessing an Event Hub resource securely using Azure Active Directory?

  2. Can anyone provide steps/code to use Event Hub with AAD pod identity?

Thanks in advance

1

There is 1 answer

0
ozgen On

Yes, AAD pod identity supports Azure Event Hub connections. Here are the steps. Firstly, configure your cluster to enable managed identity. Also, this scenario is related to RBAC-disabled clusters.

  • az aks update -g <rg-name> -n <cluster-name> --enable-managed-identity
  • az aks update -g <rg-name> -n <cluster-name> --enable-pod-identity --enable-pod-identity-with-kubenet

After this configuration, you can enable AAD pod identity:

  • kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.13/deploy/infra/deployment.yaml
  • kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.13/deploy/infra/mic-exception.yaml

Check that the 3 pods in the default namespace are up and running: kubectl get po

Create the AAD pod identity with the CLI:

    az aks pod-identity add --resource-group <rg-name> \
        --cluster-name <cluster-name> --namespace <your-ns> --name <name> \
        --identity-resource-id <resource-id> \
        --binding-selector <name_that_use_in_aks>

Check whether the identity is assigned:

    az aks show -g <rg-name> -n <cluster-name> | grep -i <user-assigned-managed-identity-name>

If your configuration is valid, here is the Java code sample:

    import com.azure.identity.ManagedIdentityCredential;
    import com.azure.identity.ManagedIdentityCredentialBuilder;
    import com.azure.messaging.eventhubs.EventData;
    import com.azure.messaging.eventhubs.EventHubClientBuilder;
    import com.azure.messaging.eventhubs.EventHubProducerAsyncClient;
    import com.azure.messaging.eventhubs.models.CreateBatchOptions;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import reactor.core.publisher.Mono;

    import java.nio.charset.StandardCharsets;
    import java.time.Duration;

    public class EventHubSender {
        private static final Logger LOGGER = LoggerFactory.getLogger(EventHubSender.class);

        public static void send(String message) {
            // "your_id" is the client ID of the user-assigned managed identity bound to the pod.
            ManagedIdentityCredential managedIdentityCredential = new ManagedIdentityCredentialBuilder() //
                    .clientId("your_id") //
                    .maxRetry(1) //
                    .retryTimeout(duration -> Duration.ofMinutes(1)) //
                    .build();

            // Token-based auth: no connection string or SAS key is present in the pod.
            // "fullyQualifiedNamespace" is e.g. <namespace>.servicebus.windows.net
            EventHubProducerAsyncClient eventHubProducerAsyncClient = new EventHubClientBuilder() //
                    .credential("fullyQualifiedNamespace", "eventhub-name", managedIdentityCredential) //
                    .buildAsyncProducerClient();

            EventData eventData = new EventData(message.getBytes(StandardCharsets.UTF_8));
            eventData.setContentType("application/json");
            CreateBatchOptions options = new CreateBatchOptions() //
                    .setPartitionKey("1");

            eventHubProducerAsyncClient.createBatch(options) //
                    .flatMap(batch -> { //
                        // tryAdd returns false when the event does not fit; don't drop it silently.
                        if (!batch.tryAdd(eventData)) {
                            return Mono.<Void>error(new IllegalStateException("Event too large for batch"));
                        }
                        return eventHubProducerAsyncClient.send(batch);
                    }) //
                    .subscribe(unused -> {
                    }, error -> {
                        LOGGER.error("Error occurred while sending message: " + error);
                        // Omit the exceptions in case something went wrong while sending the merge result
                    }, () -> { //
                        LOGGER.debug("Message sent successfully.");
                    });
        }
    }

For more details:

microsoft related page

aad pod identity related page
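The answer shows how to create the pod identity with `--binding-selector`, but not how a workload pod opts into it. The following Deployment manifest is an added example (not from the answer or the aad-pod-identity project): the `aadpodidbinding` label is what the NMI/MIC components match against, and its value must equal the `--binding-selector` given to `az aks pod-identity add`. The namespace, names, image, binding selector and environment values are placeholders/assumptions; the pod also needs the user-assigned identity to hold a data-plane role on the Event Hubs namespace (for example Azure Event Hubs Data Sender) or token acquisition will succeed but the send will be rejected.

```yaml
# Added example, not part of the original answer.
# Pods carrying the aadpodidbinding label below can obtain tokens for the
# user-assigned identity, so restrict who may set that label in this namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: spark-eventhub-producer          # assumed name
  namespace: your-ns                     # must match --namespace in az aks pod-identity add
spec:
  replicas: 1
  selector:
    matchLabels:
      app: spark-eventhub-producer
  template:
    metadata:
      labels:
        app: spark-eventhub-producer
        # Value must equal --binding-selector passed to az aks pod-identity add.
        aadpodidbinding: my-eventhub-sender   # assumed selector name
    spec:
      containers:
        - name: producer
          image: your-registry/spark-eventhub-producer:1.0   # assumed image
          env:
            # Client ID of the user-assigned managed identity; this is the value
            # the Java sample passes to ManagedIdentityCredentialBuilder.clientId(...)
            - name: AZURE_CLIENT_ID
              value: "00000000-0000-0000-0000-000000000000"   # placeholder
            - name: EVENTHUB_NAMESPACE
              value: "your-namespace.servicebus.windows.net"  # placeholder
            - name: EVENTHUB_NAME
              value: "your-eventhub"                          # placeholder
```

To confirm the binding exists before deploying, `kubectl get azureidentity,azureidentitybinding -n your-ns` should list the objects that `az aks pod-identity add` created, and `az aks pod-identity list --resource-group <rg-name> --cluster-name <cluster-name>` shows the same from the AKS side; a pod whose label does not match any binding will see token requests fail at the NMI rather than fall back to any other credential.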