Migrate from AAD pod identity to Azure Workload Identity #2205
Comments
I can work on this one.
@sonasingh46 let me know if you need any help with this one. Excited to see it moving forward.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale
/remove-lifecycle stale
@sonasingh46 is this something you're still working on? Now that workload identity supports managed identity and identity federation, this would allow us to use managed identities even for management clusters not in Azure (e.g. kind clusters!). Azure/azure-workload-identity#325
I had given some first pass time on this issue and then paused for some time on this.
@sonasingh46 I'm going to mark this for the current release milestone given that you're working on it, if it's too tight we can move it to the next one (the next release date is ~1 month away) /milestone v1.6
Moving this to the next milestone, but worth mentioning that we definitely want to prioritize this for 1.7 (let's not push it out indefinitely)
Is there documentation on how to provide identities for any pod on a generic k8s cluster (read: non-AKS)? I found that most of the docs for this refer to doing stuff on AKS, while I want to solve this for any k8s cluster on Azure. I am trying to solve this very problem for another project: confidential-containers/cloud-api-adaptor#974
Just linking the doc PR here for the record.
/kind feature
Azure AD Workload Identity is the next iteration of Azure AD Pod Identity that enables Kubernetes applications to access Azure cloud resources securely with Azure Active Directory based on annotated service accounts.
Since Azure AD Pod Identity is getting deprecated, we should migrate all CAPZ usage to Azure Workload Identity.