feat: add azure msi auth method for vault #1319
Merged
What's in this PR?
Integration of the MSI AAD auth method for Azure. Currently there are only AWS and GCP available.
This method uses the MSI (Managed system identity) of Azure.
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/use-managed-identity.md
https://cloudblogs.microsoft.com/opensource/2018/04/10/scaling-tips-hashicorp-vault-azure-active-directory/
It's very useful for adding the vault admission controller in a multi-cluster environment with an external Vault. Using this method the admission controller is auto registered to the vault using the MSI.
Why?
Adding Azure auth method https://www.vaultproject.io/docs/auth/azure which is currently missing inside the vault admission controller.
Additional context
An image was built and is currently deployed in an AKS cluster from our staging environment https://hub.docker.com/r/padoa/vault-secrets-webhook/tags?page=1&ordering=last_updated
Checklist
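How a login body for Vault's Azure auth method is assembled from a node's MSI token and instance metadata, as an added example that is not code from this PR. `BuildAzureLogin` is a hypothetical helper, the two IMDS replies are constructed samples, and the body fields (`role`, `jwt`, `subscription_id`, `resource_group_name`, `vm_name`, `vmss_name`) are those of Vault's `auth/azure/login` endpoint.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed IMDS replies (placeholder token and IDs, not real values).
const sampleToken = `{"access_token":"constructed.jwt.value","resource":"https://management.azure.com/"}`
const sampleInstance = `{"compute":{"name":"aks-pool_0","resourceGroupName":"rg-demo",
 "subscriptionId":"00000000-0000-0000-0000-000000000000","vmScaleSetName":"aks-pool"}}`

type imdsToken struct {
	AccessToken string `json:"access_token"`
	Resource    string `json:"resource"`
}

type imdsInstance struct {
	Compute struct {
		Name, ResourceGroupName, SubscriptionID, VMScaleSetName string
	} `json:"compute"`
}

// BuildAzureLogin (hypothetical helper) turns the two IMDS replies into the
// body for POST auth/azure/login, refusing tokens minted for another resource.
func BuildAzureLogin(role, resource string, tokenJSON, instanceJSON []byte) (map[string]string, error) {
	var tok imdsToken
	var inst imdsInstance
	if err := json.Unmarshal(tokenJSON, &tok); err != nil {
		return nil, fmt.Errorf("token reply: %w", err)
	}
	if err := json.Unmarshal(instanceJSON, &inst); err != nil {
		return nil, fmt.Errorf("instance reply: %w", err)
	}
	if role == "" || tok.AccessToken == "" {
		return nil, errors.New("role and access_token are required")
	}
	if tok.Resource != resource {
		return nil, fmt.Errorf("token resource %q does not match %q", tok.Resource, resource)
	}
	c := inst.Compute
	body := map[string]string{"role": role, "jwt": tok.AccessToken,
		"subscription_id": c.SubscriptionID, "resource_group_name": c.ResourceGroupName}
	if c.VMScaleSetName != "" {
		body["vmss_name"] = c.VMScaleSetName // node belongs to a scale set
	} else {
		body["vm_name"] = c.Name // standalone VM
	}
	return body, nil
}
```

The resource comparison is a client-side sanity check only; Vault itself validates the JWT against the role and the auth method's configuration.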