c6d0a5674e
Signed-off-by: Ernest Wong <chuwon@microsoft.com> |
||
|---|---|---|
| .github | ||
| .pipelines | ||
| cmd | ||
| config | ||
| deploy | ||
| docker | ||
| docs/book | ||
| examples | ||
| hack | ||
| init | ||
| manifest_staging | ||
| pkg | ||
| scripts | ||
| test | ||
| third_party | ||
| .gitignore | ||
| .golangci.yml | ||
| CODE_OF_CONDUCT.md | ||
| LICENSE | ||
| Makefile | ||
| PROJECT | ||
| README.md | ||
| SECURITY.md | ||
| SUPPORT.md | ||
| go.mod | ||
| go.sum | ||
README.md
AAD Pod Managed Identity
AAD Pod Managed Identity is the next iteration of AAD Pod Identity that enables Kubernetes applications to access Azure cloud resources securely with Azure Active Directory based on annotated service accounts.
Quick Start
Check out the AAD Pod Managed Identity Quick Start to create your first application with .
Overview
The repository contains the following components:
-
The webhook is for mutating pods that reference an annotated service account. The webhook will inject the environment variables and the projected service account token volume.
-
Proxy Init and Proxy
The proxy init container and proxy sidecar container will be used for applications that are still using AAD Pod Identity.
Motivation
- Industry-standard and Kubernetes-friendly authentication based on OpenID Connect (OIDC).
- Remove convoluted steps to set up cluster role assignments.
- Remove the following dependencies:
- Instance Metadata Service (IMDS)
- CustomResourceDefinitions (CRDs)
Goals
- A secure way for cloud-native applications to obtain AAD tokens and access Azure cloud resources in a Kubernetes cluster.