Azure AD Workload Identity uses Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods.

aad azure federated-identity kubernetes oidc workload-identity

Перейти к файлу

dependabot[bot] a42f032a43 chore: bump the all group across 1 directory with 2 updates Bumps the all group with 2 updates in the /examples/msal-net/akvdotnet directory: [Azure.Security.KeyVault.Secrets](https://github.com/Azure/azure-sdk-for-net) and [Microsoft.Identity.Client](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet). Updates `Azure.Security.KeyVault.Secrets` from 4.5.0 to 4.7.0 - [Release notes](https://github.com/Azure/azure-sdk-for-net/releases) - [Commits](https://github.com/Azure/azure-sdk-for-net/compare/Azure.Security.KeyVault.Secrets_4.5.0...Azure.Security.KeyVault.Secrets_4.7.0) Updates `Microsoft.Identity.Client` from 4.60.4 to 4.66.2 - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases) - [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/CHANGELOG.md) - [Commits](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/commits/4.66.2) --- updated-dependencies: - dependency-name: Azure.Security.KeyVault.Secrets dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: Microsoft.Identity.Client dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>		2024-11-18 19:17:05 +00:00
.github	chore: bump actions/upload-artifact from 3.1.2 to 4.4.3 (#1466 )	2024-10-22 22:27:58 -07:00
.pipelines	chore: bump kubernetes deps to v1.31.1 (#1467 )	2024-10-10 17:32:24 +00:00
charts/workload-identity-webhook	release: update manifest and helm charts for v1.3.0 (#1367 )	2024-06-04 15:19:37 -04:00
cmd	chore: bump k8s deps to v1.29.4 and controller-runtime to v0.17.3 (#1292 )	2024-05-02 16:44:37 -04:00
config	release: update manifest and helm charts for v1.3.0 (#1367 )	2024-06-04 15:19:37 -04:00
deploy	release: update manifest and helm charts for v1.3.0 (#1367 )	2024-06-04 15:19:37 -04:00
docker	chore: update to go 1.23 (#1446 )	2024-10-10 06:52:17 -04:00
docs/book	release: update manifest and helm charts for v1.3.0 (#1367 )	2024-06-04 15:19:37 -04:00
examples	chore: bump the all group across 1 directory with 2 updates	2024-11-18 19:17:05 +00:00
hack	chore: remove hack/generate-jwks (#211 )	2021-10-13 22:27:57 +00:00
init	fix: update proxy-init iptables rule to prevent forwarding loop (#402 )	2022-03-25 11:07:39 -07:00
manifest_staging	release: update manifest and helm charts for v1.3.0 (#1367 )	2024-06-04 15:19:37 -04:00
pkg	chore: bump kubernetes deps to v1.31.1 (#1467 )	2024-10-10 17:32:24 +00:00
scripts	chore: use azure storage static web serving rather than public access (#1359 )	2024-06-18 13:28:13 -04:00
test/e2e	chore: bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in /test/e2e (#1468 )	2024-10-10 22:28:27 +00:00
third_party	release: update manifest and helm charts for v1.3.0 (#1367 )	2024-06-04 15:19:37 -04:00
.gitignore	feat: add msal-java example (#375 )	2022-02-17 12:08:08 -08:00
.golangci.yml	chore: update to go 1.23 (#1446 )	2024-10-10 06:52:17 -04:00
.goreleaser.yml	chore: reenable azwi darwin build as part of release (#909 )	2023-04-29 00:08:14 +00:00
CODEOWNERS	ci: add @enj to CODEOWNERS (#927 )	2023-05-04 20:32:42 +00:00
CODE_OF_CONDUCT.md	Initial CODE_OF_CONDUCT.md commit	2021-04-26 06:52:07 -07:00
LICENSE	Initial LICENSE commit	2021-04-26 06:52:09 -07:00
Makefile	chore: update to go 1.23 (#1446 )	2024-10-10 06:52:17 -04:00
PROJECT	feat: rename module and annotations from aad-pod-managed-identity to azure-workload-identity (#150 )	2021-08-24 11:46:00 -07:00
README.md	chore: bump kubernetes deps to v1.31.1 (#1467 )	2024-10-10 17:32:24 +00:00
SECURITY.md	ci: disable markdown link check for SECURITY.md (#445 )	2022-05-10 22:21:58 +05:30
codecov.yml	ci: add codecov.yml (#788 )	2023-03-16 00:03:08 +00:00
go.mod	chore: bump github.com/microsoft/kiota-http-go from 1.4.4 to 1.4.5 (#1453 )	2024-10-10 18:34:47 +00:00
go.sum	chore: bump github.com/microsoft/kiota-http-go from 1.4.4 to 1.4.5 (#1453 )	2024-10-10 18:34:47 +00:00
netlify.toml	docs: enable website preview with netlify (#324 )	2022-01-14 00:40:28 +00:00

README.md

Azure AD Workload Identity

Azure AD Workload Identity is the next iteration of Azure AD Pod Identity that enables Kubernetes applications to access Azure cloud resources securely with Azure Active Directory based on annotated service accounts.

Kubernetes Version	Supported
1.31	✅
1.30	✅
1.29	✅
1.28	✅

Installation

Check out the installation guide on how to deploy the Azure AD Workload Identity webhook.

Quick Start

Check out the Azure AD Workload Identity Quick Start on how to securely access Azure cloud resources from your Kubernetes workload using the Microsoft Authentication Library (MSAL).

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Release

Currently, Azure Workload Identity releases on a monthly basis, targeting the last week of the month.

Support

Azure AD Workload Identity is an open source project that is not covered by the Microsoft Azure support policy. Please search open issues here, and if your issue isn't already represented please open a new one. The project maintainers will respond to the best of their abilities.