Migrate to Azure AD Workload Identities (once User Managed Identity support is in Preview) #111
Comments
|
Cluster has been moved to user-managed identity as a pre-req for this. |
|
This is implemented in the Regulated Workloads cluster, waiting a bit yet before we can backport it to baseline. |
|
We'll want to wait until v2. v1 is not currently template friendly (in that you have to deploy the cluster twice to associate your first identity) |
|
The OIDC Issuer feature needs to be enabled on the cluster for this to work. That work is being spiked out in #274 |
|
OIDC Issuer is included in the implementation now, that's the first part of this feature. |
|
While we could move to workload identities now, we'd have to create the app registration in Azure AD by hand. I'm thinking it'll make more sense to wait until managed identity support ships, so we can keep this a native azure experience, akin to what we have now with pod identity |
|
We are tracking development of workload identity, with user managed identity support, closely. A lot is still "in flight" at the moment, but we took the time to explore the change in a "placeholder" PR. If you're interested in seeing the current direction of things, you can follow along in: #326 |
|
This is now complete with the work done in #326, which has been merged. |
Today we install AAD Pod Identity ourselves to make it available to our workloads. AAD Pod Identity is coming as a managed add-on to eliminate this manual step.
The text was updated successfully, but these errors were encountered: