Having our AKS cluster up and running and our kubectl has access to the API as Energy Corp's PaaS cluster administrator, i.e. admin@energycorp.com, we can go on with the Capsule Operator installation.
Login as cluster admin:
az login
az aks get-credentials --resource-group myCoAKSResourceGroup --name myCoAKSClusterhelm repo add projectcapsule https://projectcapsule.github.io/charts
helm repo updateCapsule needs to know the allowed groups it will work with, therefore, we need to register the Object ID of the Azure AD group myCoAKSCapsuleGroup as Capsule User Group under the CapsuleConfiguration:
helm upgrade --install capsule projectcapsule/capsule \
--namespace capsule-system --create-namespace \
--set manager.options.forceTenantPrefix=true \
--set "manager.options.capsuleUserGroups[0]=$CoAKS_CAPSULE_GROUP_OBJECTID"We are ready to install Capsule Proxy.