Configuring Azure AD with PostgreSQL in TSB
This guide explains how to integrate Azure Active Directory (now Microsoft Entra ID) with Tetrate Service Bridge (TSB) so that TSB components running in Azure Kubernetes Service (AKS), such as the TSB API server, can authenticate to Azure PostgreSQL without storing sensitive credentials in Kubernetes Secrets.
Before you begin:
✓ Make sure kubectl or helm is set up to communicate with your management cluster.
✓ Make sure Azure CLI is set up to use your Azure subscription.
Replace the placeholder values enclosed in angle brackets with the corresponding real values. You can modify all other values to suit your specific needs.
If you have already completed some of the steps in this guide, you can skip them and go to the next step.
Enabling OIDC and Azure Workload Identity on your AKS cluster
You need to enable the OIDC issuer and Azure Workload Identity on your AKS cluster. Use the following command to enable both on an existing AKS cluster:
export RESOURCE_GROUP="<your-azure-resource-group>"
export LOCATION="<your-azure-region>"
export CLUSTER_NAME="<your-aks-name>"
az aks update \
  -g "$RESOURCE_GROUP" \
  -n "$CLUSTER_NAME" \
  --enable-oidc-issuer \
  --enable-workload-identity
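To confirm that the update took effect before continuing, the following check reads the cluster's OIDC issuer URL and Workload Identity flag back from `az aks show`. It is an added example, not part of the original guide or of TSB; the function names `validate_aks_identity` and `check_cluster` are hypothetical, and it assumes the `RESOURCE_GROUP` and `CLUSTER_NAME` variables exported above.

```shell
# Added example (not from the TSB guide): verify the cluster settings
# that passwordless access to Azure PostgreSQL depends on.

# validate_aks_identity ISSUER_URL WI_ENABLED
#   ISSUER_URL: value of oidcIssuerProfile.issuerUrl
#   WI_ENABLED: value of securityProfile.workloadIdentity.enabled
# Returns 0 only when both settings are in place.
validate_aks_identity() {
  local issuer wi rc
  issuer="$1"
  # Normalise case so "True" and "true" are treated the same.
  wi="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"
  rc=0
  case "$issuer" in
    https://?*) ;;  # an issuer URL is present and uses TLS
    *) echo "OIDC issuer not enabled (issuerUrl='$issuer')" >&2; rc=1 ;;
  esac
  if [ "$wi" != "true" ]; then
    echo "Workload Identity not enabled (enabled='$2')" >&2
    rc=1
  fi
  return "$rc"
}

# check_cluster: query the live cluster and validate the result.
# Returns 2 if the Azure CLI call itself fails.
check_cluster() {
  local issuer wi
  issuer="$(az aks show \
    -g "${RESOURCE_GROUP:?set RESOURCE_GROUP}" \
    -n "${CLUSTER_NAME:?set CLUSTER_NAME}" \
    --query "oidcIssuerProfile.issuerUrl" -o tsv)" || return 2
  wi="$(az aks show -g "$RESOURCE_GROUP" -n "$CLUSTER_NAME" \
    --query "securityProfile.workloadIdentity.enabled" -o tsv)" || return 2
  validate_aks_identity "$issuer" "$wi" && echo "OIDC issuer: $issuer"
}
```

Source the file and run `check_cluster` once `az aks update` has finished. The issuer URL it prints is the value that a federated identity credential for the TSB service account has to match.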