Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workload identity support in Kubernetes provider #795

Closed
AbhiReen opened this issue Aug 30, 2023 · 3 comments
Closed

Workload identity support in Kubernetes provider #795

AbhiReen opened this issue Aug 30, 2023 · 3 comments
Assignees
@RichardChen820
Labels
enhancement New feature or request Kubernetes
Projects
Azure App Configuration Roadmap

Comments

@AbhiReen
Copy link

AbhiReen commented Aug 30, 2023
edited
Loading

Is there a plan to support Workload identity for the kubernetes provider and do you have a timeline for it?
@RichardChen820 RichardChen820 self-assigned this Aug 30, 2023
@zhenlan
Copy link
Contributor

zhenlan commented Sep 1, 2023

Yes, we do have a plan to support workload identity in the near future.

@zhenlan zhenlan changed the title Workload identity support Workload identity support in Kubernetes provider Sep 1, 2023
@zhenlan zhenlan added the enhancement New feature or request label Sep 1, 2023
@zhenlan zhenlan mentioned this issue Sep 1, 2023
Closed
@RichardChen820
Copy link
Contributor

RichardChen820 commented Sep 4, 2023
edited
Loading

Support workload identity is on our radar, we plan to support it at the controller pod level.

To support one-to-many serviceAccount-to-identity map, a new setting workloadIdentity would be added in API, sample yaml:

apiVersion: azconfig.io/v1beta1
kind: AzureAppConfigurationProvider
metadata:
  name: demo-provider
spec:
  endpoint: https://contoso.azconfig.io
  target:
    configMapName: configmap-demo
  auth: 
    workloadIdentity:
      managedIdentityClientId: <client id of managed identity>

I imagine using workload identity in App Configuration Kubernetes Provider should take following steps:

  1. Enable cluster workload identity
  2. Create a managed identity, and assign the appropriate role to it.
  3. Create federated credential for managed identity.
  4. Set the managed identity client ID to auth.workloadIdentity.ManagedIdentityClientId in yaml

@zhenlan zhenlan moved this from Planned to In progress in Azure App Configuration Roadmap Sep 8, 2023
@RichardChen820 RichardChen820 moved this from In progress to Preview in Azure App Configuration Roadmap Sep 14, 2023
@RichardChen820
Copy link
Contributor

Workload identity support is available in preview4

See here for a detailed usage guide.

@zhenlan zhenlan moved this from Preview to Generally Available (Done) in Azure App Configuration Roadmap Nov 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RichardChen820 RichardChen820

Labels
enhancement New feature or request Kubernetes
Projects
Azure App Configuration Roadmap
Generally Available (Done)
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zhenlan @AbhiReen @RichardChen820