Using AAD Pod Identity in an AKS Cluster

Prerequisites:

To use AAD Pod Identity we first need to deploy the required resources. We can do this in two ways, manually or using helm.

Deploy Manually

Execute the following command in your Azure CLI:

If all went well, you’ll see similiar output to this when running the following command:

Deploy using Helm

Helm is a package manager for kubernetes deployement, I personally prefer it when compared to deploying manually, because it makes maintenance and updating a lot easier.

Execute the following command in your Azure CLI:

If all went well, you’ll see similiar output to this when running the following command:

2. Create a new managed identity, give it a name, subscription, resource group and location.

3. Take note of the Client ID

4. Take note of the Resource ID

5. Create an Azure Identity resource by downloading this gist and modifying the values

Modify the values and save and quit

Run the following command to create the identity:

To check if it has been created properly run the following command:

Modify the values and save and quit

Run the following command to create the identity:

To check if it has been created properly run the following command:

To use the identity in a pod you’ll have to define a label with the key “aadpodidbinding” and set the value to the selector you defined in your azure-identity-binding.yaml

This example shows you how to bind your Azure Managed Identity to a busybox (a pod that really isn’t as busy, as its name suggests).

Modify the values and save and quit

To create the busybox run the following command:

To see if the the azure managed identity has been assigned to your pod and everything has been configured properly, run the following command, you should see output similiar to this:

You can easily apply this to your own pod definition (deployement.yaml) by defining a label with the key “aadpodidbinding” and setting the value to selector you defined in your azure-identity-binding.yaml

Related posts:

In terms of stamping, the standard of your toner can easily make a considerable variation inside the ultimate merchandise. That’s why making use of Hewlett hp m281fdw toner packard toner inside your…

How significant do you feel to hear that your cosmic address is planet earth, solar system, milky way galaxy, local group galaxies, virgin cluster galaxies and observable universe? The universe is…

A conversation came up at my office recently about what podcasts are currently on our minds and in our ears. In short order, I rambled off a quick hit list with a brief reason why I recommend each…