Provide support for AAD Pod Identity #161

Open
tomkerkhove opened this issue May 8, 2019 · 8 comments

@tomkerkhove
Member

commented May 8, 2019

Provide support for AAD Pod Identity to make it easier to authenticate to certain Azure workloads.

https://github.com/Azure/aad-pod-identity#getting-started

@tomkerkhove

Member Author

commented May 17, 2019

@jeffhollan I would consider this as required for v1.0

@jeffhollan

Contributor

commented May 17, 2019

Could this be used as a connection mechanism for the Service Bus scaler? Can I think of it like Managed Identities for Azure Resources, but in Kubernetes?

@tomkerkhove

Member Author

commented May 20, 2019

That is correct @jeffhollan - AAD Pod Identity allows you to assign AD Apps to Pods which will use MSI (concept)

This would allow us to connect to Azure Storage, Monitor, et al without using secrets.

@yaron2

Contributor

commented May 20, 2019

Important to note this only works for clusters running in Azure.

@tomkerkhove

Member Author

commented May 20, 2019

That's a good point, I was just reading about that.

Are there plans to support this kind of thing via some sort of vendor plugins or so? It would be really good to be able to opt in for this.

@yaron2

Contributor

commented May 20, 2019

Unfortunately it's coupled to metadata coming from Azure VMs for aks/aks-engine.

@tomkerkhove

Member Author

commented May 20, 2019

This is decoupled from KEDA by using the framework and handled by AAD Pod Identity for us; all we would need to do is provide the capability to choose to use ADAL instead.

@yaron2

Contributor

commented May 20, 2019

Yep.
