Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/mayur1064/selenium-demo-bot


https://github.com/mayur1064/selenium-demo-bot

Last synced: 4 months ago
JSON representation

Awesome Lists containing this project

README 

        
Key Components

Azure Key Vault: A cloud service for securely storing and accessing secrets, keys, and certificates.



Azure AD Workload Identity: Enables Kubernetes workloads to use Azure AD identities for authentication.



SecretProviderClass: A custom resource in AKS that defines how secrets are fetched from Azure Key Vault.



Managed Identity: An Azure AD identity (User-Assigned or System-Assigned) that represents the AKS cluster or workload.



Federated Identity Credential: Links the Kubernetes service account to the Azure AD managed identity.



Steps to Authenticate and Fetch Secrets

Step 1: Enable Workload Identity in AKS

Ensure that Workload Identity is enabled on your AKS cluster.



You can enable it during cluster creation or update an existing cluster.



Step 2: Create a Managed Identity

Create a User-Assigned Managed Identity in Azure.



Assign the necessary permissions (e.g., Key Vault Secrets User) to this identity to access the Azure Key Vault.



Step 3: Configure Federated Identity Credential

Create a Federated Identity Credential in Azure AD to link the Kubernetes service account to the managed identity.



Specify the AKS cluster's OIDC issuer URL and the Kubernetes service account name.



Step 4: Create a Kubernetes Service Account

Create a Kubernetes service account in your AKS cluster.



Annotate the service account with the client ID of the managed identity:



Step 5: Define the SecretProviderClass

Create a SecretProviderClass custom resource to specify how secrets are fetched from Azure Key Vault.



Step6: Deploy the Workload

Deploy your workload (e.g., a Pod) and associate it with the service account and SecretProviderClass.