Azure AD Workload Identity uses Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods.

aad azure federated-identity kubernetes oidc workload-identity

Перейти к файлу

Anish Ramasekar 1ab87ff349 chore: migrate from `trivy` to `trivy image` (#355 ) Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>		2022-01-31 12:56:00 -08:00
.github	ci: fix dependabot update-types (#343 )	2022-01-21 19:57:29 +00:00
.pipelines	chore: migrate from `trivy` to `trivy image` (#355 )	2022-01-31 12:56:00 -08:00
charts/workload-identity-webhook	release: update manifest and helm charts for v0.7.0 (#299 )	2021-12-14 23:05:30 +00:00
cmd	feat: add initial framework for azwi-cli (#180 )	2021-10-08 10:24:04 -07:00
config	release: update manifest and helm charts for v0.7.0 (#299 )	2021-12-14 23:05:30 +00:00
deploy	release: update manifest and helm charts for v0.7.0 (#299 )	2021-12-14 23:05:30 +00:00
docker	security: fix CVE-2021-3995, CVE-2021-3996 (#349 )	2022-01-25 03:21:31 +00:00
docs/book	docs: remove `go install` step for azwi (#353 )	2022-01-31 09:56:47 -08:00
examples	security: update follow-redirects to 1.14.7 (#327 )	2022-01-19 23:01:04 +00:00
hack	chore: remove hack/generate-jwks (#211 )	2021-10-13 22:27:57 +00:00
init	fix: make proxy port configurable in init-iptables.sh (#178 )	2021-09-13 19:59:54 +00:00
manifest_staging	fix: add tolerations to controller manager deployment (#351 )	2022-01-27 14:41:46 -08:00
pkg	fix: generate federated identity credential name based on service account (#317 )	2022-01-13 14:04:30 -08:00
scripts	test: use official charts repo for helm upgrade tests (#319 )	2022-01-12 09:42:19 -08:00
test	test: remove service account token expiration e2e flag (#301 )	2021-12-15 20:13:36 +00:00
third_party	fix: add tolerations to controller manager deployment (#351 )	2022-01-27 14:41:46 -08:00
.gitignore	chore: release tarball in preparation to support homebrew (#208 )	2021-10-12 15:57:38 -07:00
.golangci.yml	feat: use graph sdk for azwi (#292 )	2021-12-10 15:19:26 -08:00
.goreleaser.yml	ci: use goreleaser for release (#309 )	2022-01-07 11:08:29 -08:00
CODEOWNERS	ci: add CODEOWNERS file (#164 )	2021-08-27 20:28:38 +00:00
CODE_OF_CONDUCT.md	Initial CODE_OF_CONDUCT.md commit	2021-04-26 06:52:07 -07:00
LICENSE	Initial LICENSE commit	2021-04-26 06:52:09 -07:00
Makefile	release: update manifest and helm charts for v0.7.0 (#299 )	2021-12-14 23:05:30 +00:00
PROJECT	feat: rename module and annotations from aad-pod-managed-identity to azure-workload-identity (#150 )	2021-08-24 11:46:00 -07:00
README.md	chore: use pull_request_target and fix broken doc links (#318 )	2022-01-11 15:58:34 -08:00
SECURITY.md	Initial SECURITY.md commit	2021-04-26 06:52:10 -07:00
go.mod	security: bump k8s.io/kubernetes from 1.22.3 to 1.22.6 (#345 )	2022-01-25 18:56:13 +00:00
go.sum	security: bump k8s.io/kubernetes from 1.22.3 to 1.22.6 (#345 )	2022-01-25 18:56:13 +00:00
netlify.toml	docs: enable website preview with netlify (#324 )	2022-01-14 00:40:28 +00:00

README.md

Azure AD Workload Identity

Azure AD Workload Identity is the next iteration of Azure AD Pod Identity that enables Kubernetes applications to access Azure cloud resources securely with Azure Active Directory based on annotated service accounts.

Kubernetes Version	Supported
1.23	✅
1.22	✅
1.21	✅
1.20	✅

Installation

Check out the installation guide on how to deploy the Azure AD Workload Identity webhook.

Quick Start

Check out the Azure AD Workload Identity Quick Start on how to securely access Azure cloud resources from your Kubernetes workload using the Microsoft Authentication Library (MSAL).

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Support

Azure AD Workload Identity is an open source project that is not covered by the Microsoft Azure support policy. Please search open issues here, and if your issue isn't already represented please open a new one. The project maintainers will respond to the best of their abilities.