
    Microsoft Azure

    This page describes the available authentication methods when using Microsoft Azure.

    For Microsoft Azure, the following authentication methods are available:

    Once your preferred authentication method has been configured, follow the instructions to use it in your Backup or Restore resource.

    Azure Container Token Credentials

    Azure Container Token Credentials are defined in the .spec.azureContainerToken field of the Credentials resource.

    They can be used in combination with the following resources:

    Shared Access Signature (SAS) Token

    SAS Tokens may be used for accessing Azure Containers. The token must be stored in a Secret, which is then referenced by the Credentials resource.

    apiVersion: kannika.io/v1alpha
    kind: Credentials
    metadata:
      name: azure-container-token
    spec:
      azureContainerToken:
        description: "Azure Container SAS Token" # Optional description
        sasTokenFrom:
          secretKeyRef:
            name: azure-container-sas-token # Reference to the secret containing the SAS token
            key: secretSasToken # Key in the secret containing the SAS token

    And here is the corresponding secret:

    apiVersion: v1
    kind: Secret
    type: Opaque
    data:
      secretSasToken: |
        <SAS Token base64-encoded>
    metadata:
      name: azure-container-sas-token
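
An added example, not part of the Kannika documentation: a pre-flight check that inspects a SAS token's expiry, protocol, permissions and scope before producing the base64 value for the `secretSasToken` key shown above. The function names, the `max_lifetime` and `allowed_perms` policy defaults, and the sample token are assumptions made for illustration.

```python
import base64
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

EXPIRY_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

def parse_expiry(value):
    """Parse the UTC timestamp forms a SAS 'se' field can carry."""
    for fmt in EXPIRY_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None

def lint_sas_token(raw, now, max_lifetime=timedelta(days=90), allowed_perms="rwdl"):
    """Return (findings, b64); b64 is the value for data.secretSasToken.

    max_lifetime and allowed_perms are assumed local policy, not Kannika requirements.
    """
    token = raw.strip()  # a trailing newline from a shell pipeline would end up in the Secret
    query = parse_qs(token.lstrip("?"), keep_blank_values=True)
    fields = {k: v[0] for k, v in query.items()}
    findings = [f"missing field '{f}'" for f in ("sv", "sp", "se", "sig") if not fields.get(f)]
    expiry = parse_expiry(fields.get("se", ""))
    if fields.get("se") and expiry is None:
        findings.append("unparseable expiry 'se'")
    elif expiry is not None and expiry <= now:
        findings.append("token already expired")
    elif expiry is not None and expiry - now > max_lifetime:
        findings.append("expiry further out than max_lifetime")
    if fields.get("spr", "https,http") != "https":  # omitted spr permits HTTP as well
        findings.append("plain HTTP allowed (set spr=https)")
    extra = sorted(set(fields.get("sp", "")) - set(allowed_perms))
    if extra:
        findings.append("permissions beyond policy: " + "".join(extra))
    if "srt" in fields or "ss" in fields:
        findings.append("account-level SAS; a container-scoped token (sr=c) is narrower")
    return findings, base64.b64encode(token.encode()).decode()

# Constructed sample token; the signature is a placeholder, not a real one.
SAMPLE = "sv=2022-11-02&sr=c&sp=rl&se=2030-01-01T00%3A00%3A00Z&spr=https&sig=Q09OU1RSVUNURUQ%3D\n"

if __name__ == "__main__":
    findings, b64 = lint_sas_token(SAMPLE, datetime(2029, 12, 1, tzinfo=timezone.utc))
    print(findings or "no findings")
    print("secretSasToken:", b64)
```

The token is encoded as supplied apart from surrounding whitespace; whether a leading `?` belongs in the stored value is not stated on this page.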

    IAM Service Account Authentication

    It is possible to attach a Kubernetes ServiceAccount (SA) to a Backup Pod or to a Restore Pod. A ServiceAccount is used to provide an identity for processes that run in a Pod. The identity is used to determine what resources the process has access to.

    This is useful when the Kubernetes cluster runs on a cloud provider that supports Workload Identity, where the ServiceAccount is mapped to an IAM role that has the necessary permissions to access the external system.

    See the Backup Pod Configuration and the Restore Pod Configuration sections for how to attach a ServiceAccount.