Migrate to Azure AD Workload Identities (once User Managed Identity support is in Preview) #111
Today we install AAD Pod Identity ourselves to make it available to our workloads. AAD Pod Identity is coming as a managed add-on to eliminate this manual step.

Comments

Cluster has been moved to user-managed identity as a pre-req for this.

This is implemented in the Regulated Workloads cluster, waiting a bit yet before we can backport it to baseline.

We'll want to wait until v2. v1 is not currently template-friendly (in that you have to deploy the cluster twice to associate your first identity).

The OIDC Issuer feature needs to be enabled on the cluster for this to work. That work is being spiked out in #274.

OIDC Issuer is included in the implementation now; that's the first part of this feature.

While we could move to workload identities now, we'd have to create the app registration in Azure AD by hand. I'm thinking it'll make more sense to wait until managed identity support ships, so we can keep this a native Azure experience, akin to what we have now with pod identity.

We are tracking development of workload identity, with user-managed identity support, closely. A lot is still "in flight" at the moment, but we took the time to explore the change in a "placeholder" PR. If you're interested in seeing the current direction of things, you can follow along in: #326

This is now complete with the work done in #326, which has been merged.
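The thread above describes the pieces a migration from AAD Pod Identity to Azure AD Workload Identity depends on: an OIDC issuer on the cluster, a user-assigned managed identity, and workloads that no longer rely on pod identity bindings. The following script is an added example, not code from this issue or from the project; it is a readiness check a reviewer could run over exported cluster objects before retiring pod identity. It assumes the current workload identity conventions (the `azure.workload.identity/client-id` annotation on the service account, the `azure.workload.identity/use` label on the pod, the `api://AzureADTokenExchange` audience, and a federated credential subject of `system:serviceaccount:<namespace>:<name>`), and it assumes pod identity is recognised by the `aadpodidbinding` pod label. All cluster objects, issuer URLs and client ids below are constructed sample data.

```python
"""Readiness check for moving workloads from AAD Pod Identity to Azure AD Workload Identity.

Added example (not the project's code). For each pod it reports whether the pod
still depends on a pod identity binding, and whether the service account, pod
label and federated credential line up so a token exchange would actually work.
"""
from dataclasses import dataclass, field

# Conventions assumed for the Azure workload identity webhook and federated credentials.
WI_CLIENT_ID_ANNOTATION = "azure.workload.identity/client-id"
WI_USE_LABEL = "azure.workload.identity/use"
POD_IDENTITY_LABEL = "aadpodidbinding"          # AAD Pod Identity binding label
TOKEN_EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"


@dataclass
class ServiceAccount:
    namespace: str
    name: str
    annotations: dict = field(default_factory=dict)


@dataclass
class Pod:
    namespace: str
    name: str
    service_account: str
    labels: dict = field(default_factory=dict)


@dataclass
class FederatedCredential:
    """A federated identity credential attached to a user-assigned managed identity."""
    client_id: str          # client id of the user-assigned identity it belongs to
    issuer: str             # cluster OIDC issuer URL it trusts
    subject: str            # expected token subject
    audiences: list


def service_account_subject(sa: ServiceAccount) -> str:
    """Subject claim the cluster's OIDC issuer puts in a projected service account token."""
    return f"system:serviceaccount:{sa.namespace}:{sa.name}"


def check_pod(pod, service_accounts, federated_credentials, issuer_url):
    """Return a dict with 'ready' and a list of findings for one pod."""
    findings = []
    if POD_IDENTITY_LABEL in pod.labels:
        findings.append("still carries an AAD Pod Identity binding label")

    sa = service_accounts.get((pod.namespace, pod.service_account))
    if sa is None:
        findings.append("service account not found")
        return {"pod": f"{pod.namespace}/{pod.name}", "ready": False, "findings": findings}

    client_id = sa.annotations.get(WI_CLIENT_ID_ANNOTATION)
    if not client_id:
        findings.append("service account lacks the workload identity client-id annotation")
    if pod.labels.get(WI_USE_LABEL) != "true":
        findings.append("pod lacks the use label; no token or env vars will be injected")

    if client_id:
        subject = service_account_subject(sa)
        # A token exchange only succeeds if issuer, subject and audience all match.
        matches = [
            fc for fc in federated_credentials
            if fc.client_id == client_id
            and fc.issuer == issuer_url
            and fc.subject == subject
            and TOKEN_EXCHANGE_AUDIENCE in fc.audiences
        ]
        if not matches:
            findings.append(f"no federated credential trusts issuer {issuer_url} for {subject}")

    return {"pod": f"{pod.namespace}/{pod.name}", "ready": not findings, "findings": findings}


# Constructed sample data (placeholder issuer URL and client ids, not real values).
ISSUER_URL = "https://oidc.prod-aks.azure.com/EXAMPLE-TENANT/EXAMPLE-CLUSTER/"
SERVICE_ACCOUNTS = {
    ("a0008", "workload-sa"): ServiceAccount("a0008", "workload-sa",
                                             {WI_CLIENT_ID_ANNOTATION: "00000000-0000-0000-0000-00000000aaaa"}),
    ("a0008", "legacy-sa"): ServiceAccount("a0008", "legacy-sa"),
}
PODS = [
    Pod("a0008", "api-0", "workload-sa", {WI_USE_LABEL: "true"}),
    Pod("a0008", "batch-0", "legacy-sa", {POD_IDENTITY_LABEL: "batch-identity"}),
]
FEDERATED_CREDENTIALS = [
    FederatedCredential("00000000-0000-0000-0000-00000000aaaa", ISSUER_URL,
                        "system:serviceaccount:a0008:workload-sa", [TOKEN_EXCHANGE_AUDIENCE]),
]


def run_report(pods=PODS, sas=SERVICE_ACCOUNTS, creds=FEDERATED_CREDENTIALS, issuer=ISSUER_URL):
    return [check_pod(p, sas, creds, issuer) for p in pods]


if __name__ == "__main__":
    for result in run_report():
        status = "READY" if result["ready"] else "NOT READY"
        print(f"{result['pod']}: {status}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The check deliberately treats a pod that carries both a pod identity binding and a complete workload identity setup as not ready, since the binding label signals the old path is still in use; clearing those is the last step before the self-installed AAD Pod Identity components can be removed.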