12 Messages
•
1.1K Points
Migrating Edge from K3S to AKS with vault integration
We currently have Edge installed in Azure VMs using K3S. We are using Azure Key Vault for secret management with managed identity authentication. We plan to migrate to Azure Kubernetes Service but the documentation doesn't really cover this type of migration, or what happens with vaults. I believe the migration process is:
- Backup your current edge site and save the file
- uninstall the current edge site
- Install on AKS supplying the backup file
I have two questions related to this:
- What happens with the key vault in this scenario? Does installing from the backup recreate it as-is or do I need to recreate the integration and update the edge connections?
- Is managed identity authentication supported when Edge is running on AKS? The docs state: "In order to use the Managed Identity assigned to Azure Virtual Machine authentication method, you must install your Edge site inside of the Azure VM." but this is ambiguous. Does this mean it only works if you have on K3S on an azure VM and that AKS is not supported? Or does it mean the AKS nodes have to be Azure VMs? https://productresources.collibra.com/docs/collibra/latest/Content/Edge/EdgeSecurity/ta_integrate-edge-with-vault.htm
Community_Alex
691 Messages
•
17.7K Points
15 days ago
Hi @andrewsouthcombe
There is no direct migration path from K3s to managed Kubernetes services like AKS, as they are two different deployment types. However, Vault integration has been successfully maintained using K3s-to-K3s backup and restore.
If you are interested in AKS, that is a totally new Edge site.
I am tagging @celenemcfall to the conversation if you have any further questions.
1
0