Workload Identity (OIDC) for AKS
- Added 8 Jul 2024
- Scripts: github.com/HoussemDellai/dock...
Follow me on Twitter for more content: / houssemdellai
Chapters:
0:00 - Intro
1:08 - How to connect to Azure resources
3:40 - Existing tools to securely connect to Azure resources
6:09 - How Workload Identity works with AKS
7:26 - Demo
14:17 - Kubernetes Service Account to Azure Managed Identity mapping
15:03 - Resources
Category: Science & Technology
Thanks for the video. It was excellent.
I am getting this error: F1206 09:02:03.164100 1 main.go:15] KEYVAULT_URL environment variable is not set
It is asking for many parameters for env, which include the federated file. How did you not get that value?
Enabling the workload identity feature is in preview and not prod ready yet. Can anyone share a video on setting up the same using the open source project?
Great VIDEO! Sir, would you please tell me how I can set these env variables in Azure CLI? I am stuck here.
Can you give the managed identity RBAC roles on the key vault instead of using access policies?
Yes, that is exactly right. RBAC on Key Vault is a bit less granular than access policies, but I believe Azure wants to move towards RBAC for all things anyway.
I have created workload-identity-sa like this:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: workload-identity-sa
  namespace: backend-services
  annotations:
    # the annotation key must be azure.workload.identity/client-id and its value
    # the client ID of the user-assigned managed identity (placeholder kept as posted)
    azure.workload.identity/client-id: XXX-XXXX-XXX-XXXX
  labels:
    # current webhook releases read this label on the pod spec, not on the
    # service account; kept here for older preview releases that required it
    azure.workload.identity/use: "true"
via YAML from Kubernetes, but it's not created.
And after running this, when I deploy pods into the cluster I get an error like: Azure.Identity.AuthenticationFailedException: ClientAssertionCredential authentication failed: AADSTS70021: No matching federated identity record found for presented assertion.
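The AADSTS70021 error above is Entra ID saying that the iss, sub and aud claims in the projected service-account token the pod presented do not line up with any federated identity credential on the managed identity. The mapping (chapter 14:17 in the video) is: the credential's issuer must equal the cluster's OIDC issuer URL (az aks show --query oidcIssuerProfile.issuerUrl), its subject must be system:serviceaccount:<namespace>:<serviceaccount>, and its audiences must contain api://AzureADTokenExchange, which is what az identity federated-credential create --issuer ... --subject ... --audiences ... sets. The script below is an added example, not part of the video's scripts or the commenter's setup: it decodes a token the way you would from /var/run/secrets/azure/tokens/azure-identity-token inside the pod (without signature verification, which Entra ID does against the issuer's JWKS) and reports which claim would fail the match. It also lists the environment variables the azure-workload-identity webhook injects into labelled pods (AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_FEDERATED_TOKEN_FILE, AZURE_AUTHORITY_HOST), which answers the "how do I set these env variables" questions: you do not set them by hand. The issuer URL and token in the block are constructed placeholders.

```python
"""Offline check of an AKS projected service-account token against the
federated identity credential it must match.  Added example, not the video's
script; the issuer URL and the token built here are constructed placeholders."""
import base64
import json

# Audience the azure-workload-identity webhook requests for the projected token
# and that the federated identity credential must list.
EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"

# Variables the mutating webhook injects into pods labelled
# azure.workload.identity/use=true; Azure.Identity's WorkloadIdentityCredential
# reads them, so they are not set by hand in the pod spec.
WEBHOOK_ENV_VARS = (
    "AZURE_CLIENT_ID",
    "AZURE_TENANT_ID",
    "AZURE_FEDERATED_TOKEN_FILE",
    "AZURE_AUTHORITY_HOST",
)


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Parse the claims of a compact JWT WITHOUT verifying the signature.

    Entra ID verifies the signature against the cluster issuer's JWKS; here we
    only need iss/sub/aud to see what Entra ID will try to match."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def expected_subject(namespace: str, service_account: str) -> str:
    """Subject claim Kubernetes puts in a projected service-account token."""
    return f"system:serviceaccount:{namespace}:{service_account}"


def federation_mismatches(token: str, fic: dict) -> list:
    """Compare token claims with a federated identity credential record
    ({'issuer', 'subject', 'audiences'}).  Every entry returned is a reason
    Entra ID would answer AADSTS70021; an empty list means the record matches."""
    claims = decode_jwt_claims(token)
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)  # aud may be a string or a list
    problems = []
    if claims.get("iss") != fic["issuer"]:
        problems.append(f"iss: token {claims.get('iss')!r} != credential {fic['issuer']!r}")
    if claims.get("sub") != fic["subject"]:
        problems.append(f"sub: token {claims.get('sub')!r} != credential {fic['subject']!r}")
    if not set(fic["audiences"]) & set(aud):
        problems.append(f"aud: token {aud!r} has none of {fic['audiences']!r}")
    return problems


def missing_webhook_env(env: dict) -> list:
    """Names of webhook-injected variables absent from a pod's environment;
    anything listed means the pod was not mutated (label missing or webhook
    not enabled), not that the variables should be added to the manifest."""
    return [name for name in WEBHOOK_ENV_VARS if not env.get(name)]


def make_sample_token(claims: dict) -> str:
    """Build a CONSTRUCTED, unsigned token with the shape Kubernetes emits.
    The signature segment is a placeholder because nothing here verifies it."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "kid": "sample"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64url_encode(b'not-a-real-signature')}"


if __name__ == "__main__":
    # Constructed issuer; a real one comes from
    #   az aks show -g <rg> -n <cluster> --query oidcIssuerProfile.issuerUrl -o tsv
    issuer = "https://eastus.oic.prod-aks.azure.com/00000000-0000-0000-0000-000000000000/11111111-1111-1111-1111-111111111111/"
    fic = {
        "issuer": issuer,
        "subject": expected_subject("backend-services", "workload-identity-sa"),
        "audiences": [EXCHANGE_AUDIENCE],
    }
    # Token for the same service account name but in the wrong namespace:
    # a typical cause of AADSTS70021.
    token = make_sample_token({
        "iss": issuer,
        "sub": expected_subject("default", "workload-identity-sa"),
        "aud": [EXCHANGE_AUDIENCE],
    })
    for problem in federation_mismatches(token, fic):
        print("AADSTS70021 cause:", problem)
```

Run it inside the pod with the real token file (cat "$AZURE_FEDERATED_TOKEN_FILE") and the credential record from az identity federated-credential show; a trailing-slash difference in the issuer URL or a namespace mismatch in the subject are the two discrepancies that show up most often.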