Azure Kubernetes Service in 2022: New Features and Best Practices

I wrote “Azure Kubernetes Service in 2022: New Features and Best Practices” to share practical, production-minded guidance on this topic.

AKS Managed Identity

AKS now supports managed identities natively, eliminating the need for service principals:

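// Parameters referenced by the cluster resource below
param aksClusterName string
param location string = resourceGroup().location
param dnsPrefix string
// Object ID of the Azure AD group that receives cluster admin access
param adminGroupId string

resource aksCluster 'Microsoft.ContainerService/managedClusters@2021-10-01' = {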
  name: aksClusterName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    dnsPrefix: dnsPrefix
    kubernetesVersion: '1.22.4'
    enableRBAC: true
    aadProfile: {
      managed: true
      enableAzureRBAC: true
      adminGroupObjectIDs: [
        adminGroupId
      ]
    }
    agentPoolProfiles: [
      {
        name: 'systempool'
        count: 3
        vmSize: 'Standard_DS2_v2'
        mode: 'System'
        enableAutoScaling: true
        minCount: 1
        maxCount: 5
        availabilityZones: ['1', '2', '3']
      }
    ]
  }
}
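
A check for the identity and RBAC settings this template sets, run against a cluster's resource JSON. This is an added example, not the author's code: it assumes the ARM resource shape with the same property names as the Bicep template, and `audit_cluster` and both sample documents are constructed for illustration.

```python
import json

def audit_cluster(resource: dict) -> list:
    """Return findings where identity/RBAC settings differ from the template above."""
    props = resource.get("properties") or {}
    aad = props.get("aadProfile") or {}
    findings = []

    identity_type = (resource.get("identity") or {}).get("type", "None")
    if identity_type not in ("SystemAssigned", "UserAssigned"):
        findings.append(f"identity.type is {identity_type}: no managed identity")

    # A cluster running on a managed identity reports the placeholder clientId "msi".
    sp_client = (props.get("servicePrincipalProfile") or {}).get("clientId", "msi")
    if sp_client.lower() != "msi":
        findings.append("servicePrincipalProfile still holds a service principal")

    if props.get("enableRBAC") is not True:
        findings.append("enableRBAC is not true")
    for key in ("managed", "enableAzureRBAC"):
        if aad.get(key) is not True:
            findings.append(f"aadProfile.{key} is not true")
    if not aad.get("adminGroupObjectIDs"):
        findings.append("aadProfile.adminGroupObjectIDs is empty")
    return findings

# Constructed samples (not from the page): one matching the template, one legacy cluster.
MATCHES_TEMPLATE = json.loads("""{
  "identity": {"type": "SystemAssigned"},
  "properties": {
    "servicePrincipalProfile": {"clientId": "msi"},
    "enableRBAC": true,
    "aadProfile": {"managed": true, "enableAzureRBAC": true,
                   "adminGroupObjectIDs": ["00000000-0000-0000-0000-000000000000"]}
  }
}""")
LEGACY = json.loads("""{
  "identity": {"type": "None"},
  "properties": {
    "servicePrincipalProfile": {"clientId": "11111111-1111-1111-1111-111111111111"},
    "enableRBAC": true
  }
}""")

if __name__ == "__main__":
    for name, res in (("template", MATCHES_TEMPLATE), ("legacy", LEGACY)):
        print(name, audit_cluster(res) or "OK")
```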

Azure AD Workload Identity

The new workload identity feature provides pod-level identity:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: workload-identity-sa
  namespace: default
  annotations:
    azure.workload.identity/client-id: "<CLIENT_ID>"
  labels:
    azure.workload.identity/use: "true"

Michael John Peña

Senior Data Engineer based in Sydney. Writing about data, cloud, and technology.