Migrate from AAD Pod Identity to Workload Identity (Supported by User Managed Identities) & Update AKS Version #326

Merged
merged 43 commits into from
Oct 7, 2022
bac86fe
WIP changes
ckittel May 2, 2022
f60bb89
Merge branch 'main' into migrate-workload-identity
ckittel May 3, 2022
2a8a82c
WIP Checkpoint
ckittel May 3, 2022
a7012b8
wip
ckittel May 19, 2022
b4edd43
Merge branch 'main' into migrate-workload-identity
ckittel May 19, 2022
39e2778
add fed cred placeholder
ckittel May 19, 2022
1834754
Remove unneeded assignment
ckittel May 19, 2022
cbe2906
Merge branch 'main' into migrate-workload-identity
ckittel May 24, 2022
87f44f1
update pre-reqs
ckittel May 24, 2022
8753601
remove AAD Pod Identity bits from bicep and enable workload identity
ckittel May 24, 2022
8de055d
update region
ckittel May 24, 2022
27750b6
Add policy exceptions for the new namespace
ckittel May 24, 2022
17436f8
test prometheus metrics for workload identity
ckittel May 24, 2022
524f5ce
add placeholders
ckittel May 24, 2022
9e55b59
Get Traefik working
ckittel May 24, 2022
205e02b
Update version text
ckittel May 24, 2022
178a678
Merge branch 'main' into migrate-workload-identity
ckittel May 24, 2022
0b14e8f
pod identity scrub
ckittel May 24, 2022
b1bec1c
Merge branch 'main' into migrate-workload-identity
ckittel May 25, 2022
ab798dc
Stamp file cleanup
ckittel May 25, 2022
5602aa3
Merge branch 'main' into migrate-workload-identity
ckittel May 25, 2022
6719930
Merge branch 'main' into migrate-workload-identity
ckittel May 25, 2022
f57d07a
remove old intro text
ckittel May 25, 2022
c51d837
realign with main
ckittel May 25, 2022
0c2570a
revert spacing changes
ckittel May 25, 2022
8f256a5
revert spacing changes (again)
ckittel May 25, 2022
d5a5906
realign wording with main
ckittel May 25, 2022
31501c2
Merge branch 'main' into migrate-workload-identity
ckittel May 26, 2022
ac77ef6
Merge branch 'main' into migrate-workload-identity
ckittel Aug 17, 2022
18a877e
Merge branch 'main' into migrate-workload-identity
ckittel Oct 7, 2022
76175b4
Merge branch 'main' into migrate-workload-identity
ckittel Oct 7, 2022
8bce245
Merge branch 'main' into migrate-workload-identity
ckittel Oct 7, 2022
7b514e3
wip checkpoint
ckittel Oct 7, 2022
8bcef2e
add Defender for Containers
ckittel Oct 7, 2022
2085fea
Merge branch 'main' into migrate-workload-identity
ckittel Oct 7, 2022
de46d4b
minor tweaks
ckittel Oct 7, 2022
e26ac8f
Remove unnecessary registration
ckittel Oct 7, 2022
cc87af1
link to learn
ckittel Oct 7, 2022
6e84dd1
remove the legacy 'azure-workload-identity-system' reference
ckittel Oct 7, 2022
5b1f2c6
missed a merge
ckittel Oct 7, 2022
75b0b7a
remove whitespace
ckittel Oct 7, 2022
bbbcc8e
one more, lol
ckittel Oct 7, 2022
3f30586
apply PR feedback. Also resolve bicep warnings on latest version
ckittel Oct 7, 2022
revert spacing changes
ckittel committed May 25, 2022
commit 0c2570a06916e0c625ed002a3d1a8abbc0c693a1
38 changes: 19 additions & 19 deletions 09-secret-management-and-ingress-controller.md
Expand Up @@ -29,26 +29,26 @@ Previously you have configured [workload prerequisites](./08-workload-prerequisi
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: aks-ingress-tls-secret-csi-akv
namespace: a0008
name: aks-ingress-tls-secret-csi-akv
namespace: a0008
spec:
provider: azure
parameters:
clientID: $INGRESS_CONTROLLER_WORKLOAD_IDENTITY_CLIENT_ID
usePodIdentity: "false"
useVMManagedIdentity: "false"
keyvaultName: $KEYVAULT_NAME_AKS_BASELINE
objects: |
array:
- |
objectName: traefik-ingress-internal-aks-ingress-tls
objectAlias: tls.crt
objectType: cert
- |
objectName: traefik-ingress-internal-aks-ingress-tls
objectAlias: tls.key
objectType: secret
tenantId: $TENANTID_AZURERBAC_AKS_BASELINE
provider: azure
parameters:
clientID: $INGRESS_CONTROLLER_WORKLOAD_IDENTITY_CLIENT_ID
usePodIdentity: "false"
useVMManagedIdentity: "false"
keyvaultName: $KEYVAULT_NAME_AKS_BASELINE
objects: |
array:
- |
objectName: traefik-ingress-internal-aks-ingress-tls
objectAlias: tls.crt
objectType: cert
- |
objectName: traefik-ingress-internal-aks-ingress-tls
objectAlias: tls.key
objectType: secret
tenantId: $TENANTID_AZURERBAC_AKS_BASELINE
EOF
```
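
Review bot: every line under `metadata:` and `spec:` in this SecretProviderClass is re-indented with no other change, and in YAML that nesting is semantic, so the result needs checking rather than eyeballing. In particular `name` and `namespace` must stay children of `metadata`, and the `objects: |` block scalar with its `array:` entries must stay indented deeper than `objects`, otherwise the provider receives a different string or the manifest is rejected. Suggest rendering the heredoc and running it through a client-side dry run before this lands. Separately, the block depends on `$INGRESS_CONTROLLER_WORKLOAD_IDENTITY_CLIENT_ID`, `$KEYVAULT_NAME_AKS_BASELINE` and `$TENANTID_AZURERBAC_AKS_BASELINE` being set in the reader's shell; a one-line note in the doc to confirm they are non-empty would help, since an empty `clientID` or `tenantId` would only show up later when the volume is mounted.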
