https://github.com/mayur1064/selenium-demo-bot
https://github.com/mayur1064/selenium-demo-bot
Last synced: 4 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/mayur1064/selenium-demo-bot
- Owner: mayur1064
- Created: 2022-11-12T12:58:33.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2025-02-03T10:12:12.000Z (5 months ago)
- Last Synced: 2025-02-03T10:35:15.249Z (5 months ago)
- Language: Java
- Size: 60.2 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme
Awesome Lists containing this project
README
Key Components
Azure Key Vault: A cloud service for securely storing and accessing secrets, keys, and certificates.Azure AD Workload Identity: Enables Kubernetes workloads to use Azure AD identities for authentication.
SecretProviderClass: A custom resource in AKS that defines how secrets are fetched from Azure Key Vault.
Managed Identity: An Azure AD identity (User-Assigned or System-Assigned) that represents the AKS cluster or workload.
Federated Identity Credential: Links the Kubernetes service account to the Azure AD managed identity.
Steps to Authenticate and Fetch Secrets
Step 1: Enable Workload Identity in AKS
Ensure that Workload Identity is enabled on your AKS cluster.You can enable it during cluster creation or update an existing cluster.
Step 2: Create a Managed Identity
Create a User-Assigned Managed Identity in Azure.Assign the necessary permissions (e.g., Key Vault Secrets User) to this identity to access the Azure Key Vault.
Step 3: Configure Federated Identity Credential
Create a Federated Identity Credential in Azure AD to link the Kubernetes service account to the managed identity.Specify the AKS cluster's OIDC issuer URL and the Kubernetes service account name.
Step 4: Create a Kubernetes Service Account
Create a Kubernetes service account in your AKS cluster.Annotate the service account with the client ID of the managed identity:
Step 5: Define the SecretProviderClass
Create a SecretProviderClass custom resource to specify how secrets are fetched from Azure Key Vault.Step6: Deploy the Workload
Deploy your workload (e.g., a Pod) and associate it with the service account and SecretProviderClass.