Version: 1.3

Azure - Service Principal

Configuring the Azure agent with a Service Principal allows you to deploy the Azure agent from any Kubernetes cluster.

The agent integrates with the following services:

Service | Description
Azure DNS | Collects metadata from Zones and Records.
Azure Virtual Machine | Collects metadata from Virtual Machines.
Azure Storage Account | Collects metadata from Storage Accounts and Containers.
Azure Disks | Collects metadata from Disks.

Prerequisites

  • Service Principal with required permissions

Procedure from web dashboard

  • Navigate to Integrations > Agents (or go directly to /home/integrations/agents)
  • Click "Add agent"
  • Add a name for the agent and select Azure Inventory
  • Click "Submit" to proceed to the configuration screen
  • You'll see a setup guide with the commands needed to deploy your agent. Copy and execute each command in your terminal/Kubernetes environment
  • Select the Using credentials tab in the setup guide
  • Optional: Modify the httpRequestSize parameter to adjust the maximum number of objects sent to the API in each request (must be an integer greater than 0, default value is usually sufficient)

Procedure from CLI

1. Create the Agent object

Create the Agent object in the cluster where Resiliency.IO is deployed:

apiVersion: core.resiliency.io/v1alpha1
kind: Agent
metadata:
  name: <agent-name>
  namespace: resiliency-system
spec:
  type: AzureInventory
  secretName: <agent-name>

2. Retrieve the APIKey

Resiliency.IO will create an APIKey that will be assigned to the Agent. Get the secret name:

kubectl -n resiliency-system get agent <agent-name> -o yaml

This command will display the Agent details, and the secret name is in the .status.secretName field:

apiVersion: core.resiliency.io/v1alpha1
kind: Agent
metadata:
  name: <agent-name>
  namespace: resiliency-system
spec:
  type: AzureInventory
  secretName: <agent-name>
status:
  secretName: <agent-name>-kj2f4
  state: Ready

Get the secret content:

kubectl -n resiliency-system get secret <secret-name> -o jsonpath="{.data}" | jq -r 'to_entries[] | "\(.key): \(.value | @base64d)"'

Example output:

apikey: 259eaa16-6e0e-456a-8f6c-774ac61bab01
apisecret: 0b25cbc0-5a87-49e2-83ad-bc08c51038d3

3. Deploy the AgentInstance

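Deploy the AgentOperator in your target cluster. The command below fetches the manifest over plain HTTP, which gives no integrity protection in transit; if your installation serves the API over HTTPS, use the https:// URL instead: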

kubectl apply -f http://api.<base_domain>/static/manifests/agent-operator.yaml

Create the APIKey secret with the Azure Service Principal credentials:

kubectl -n resiliency-system create secret generic <agent-name> \
  --from-literal=ASTROKUBE_AGENT_ID=<apikey> \
  --from-literal=ASTROKUBE_AGENT_SECRET=<apisecret> \
  --from-literal=AZURE_CLIENT_ID=<your-azure-client-id> \
  --from-literal=AZURE_CLIENT_SECRET=<your-azure-client-secret> \
  --from-literal=AZURE_TENANT_ID=<your-azure-tenant-id>
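
An alternative to the --from-literal command above, as an added example that is not part of the Resiliency.IO documentation: values passed with --from-literal end up in shell history and in the process list, so this script writes them to a mode-0600 env file and passes that to kubectl with --from-env-file. The helper names write_agent_env and create_agent_secret are hypothetical, and the script assumes the five values are already set in the environment.

```shell
#!/bin/sh
# Added example, not part of the Resiliency.IO documentation.
# Builds the agent secret from a mode-0600 env file instead of --from-literal,
# so the credentials never appear in kubectl's argv or in shell history.
# Assumption: the five values below are already set in the environment.

REQUIRED_KEYS="ASTROKUBE_AGENT_ID ASTROKUBE_AGENT_SECRET AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_TENANT_ID"
NL='
'

# write_agent_env FILE (hypothetical helper): write one KEY=VALUE line per
# required key into FILE. Fails and removes FILE if a value is unset, empty,
# or contains a newline, which would corrupt the env-file format.
write_agent_env() {
  wae_file=$1
  ( umask 077 && : > "$wae_file" ) && chmod 600 "$wae_file" || return 1
  for wae_key in $REQUIRED_KEYS; do
    eval "wae_val=\${$wae_key-}"   # key names come only from the fixed list above
    case $wae_val in
      '')      echo "missing $wae_key" >&2; rm -f "$wae_file"; return 1 ;;
      *"$NL"*) echo "$wae_key contains a newline" >&2; rm -f "$wae_file"; return 1 ;;
    esac
    printf '%s=%s\n' "$wae_key" "$wae_val" >> "$wae_file"
  done
  unset wae_val
}

# create_agent_secret NAME (hypothetical helper): create the secret in
# resiliency-system from a temporary env file, then delete the file.
create_agent_secret() {
  cas_file=$(mktemp) || return 1
  cas_rc=0
  write_agent_env "$cas_file" &&
    kubectl -n resiliency-system create secret generic "$1" \
      --from-env-file="$cas_file" || cas_rc=$?
  rm -f "$cas_file"
  return "$cas_rc"
}

# Usage: create_agent_secret <agent-name>
```
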

Deploy the AgentInstance:

apiVersion: core.resiliency.io/v1alpha1
kind: AgentInstance
metadata:
  name: <agent-name>
  namespace: resiliency-system
spec:
  api: http://api.<base_domain>
  httpRequestSize: 10
  azure:
    secretName: <agent-name>
    subscriptionID: <your-subscription-id>
    servicePrincipalCredential:
      secretName: <agent-name>

Verify agent deployment

  • Check the agent status in Kubernetes:

    # Check agent instance
    kubectl get agentinstances -n resiliency-system <name-of-your-agent>
    # Check pod
    kubectl get pods -n resiliency-system <name-of-your-agent-pod>
    # Check logs in pod
    kubectl logs -n resiliency-system <name-of-your-agent-pod>

You should see output similar to this for a healthy agent:

{"level":"info","timestamp":"2029-08-24T10:00:00Z","msg":"running exporter"}
{"level":"info","timestamp":"2029-08-24T10:00:01Z","msg":"running host listener"}
{"level":"info","timestamp":"2029-08-24T10:00:02Z","msg":"exported 1 objects"}
{"level":"info","timestamp":"2029-08-24T10:00:03Z","msg":"exported 5 objects"}