An open API service indexing awesome lists of open source software.

https://github.com/mayur1064/selenium-demo-bot


https://github.com/mayur1064/selenium-demo-bot

Last synced: 4 months ago
JSON representation

Awesome Lists containing this project

README

        

Key Components
Azure Key Vault: A cloud service for securely storing and accessing secrets, keys, and certificates.

Azure AD Workload Identity: Enables Kubernetes workloads to use Azure AD identities for authentication.

SecretProviderClass: A custom resource in AKS that defines how secrets are fetched from Azure Key Vault.

Managed Identity: An Azure AD identity (User-Assigned or System-Assigned) that represents the AKS cluster or workload.

Federated Identity Credential: Links the Kubernetes service account to the Azure AD managed identity.

Steps to Authenticate and Fetch Secrets
Step 1: Enable Workload Identity in AKS
Ensure that Workload Identity is enabled on your AKS cluster.

You can enable it during cluster creation or update an existing cluster.

Step 2: Create a Managed Identity
Create a User-Assigned Managed Identity in Azure.

Assign the necessary permissions (e.g., Key Vault Secrets User) to this identity to access the Azure Key Vault.

Step 3: Configure Federated Identity Credential
Create a Federated Identity Credential in Azure AD to link the Kubernetes service account to the managed identity.

Specify the AKS cluster's OIDC issuer URL and the Kubernetes service account name.

Step 4: Create a Kubernetes Service Account
Create a Kubernetes service account in your AKS cluster.

Annotate the service account with the client ID of the managed identity:

Step 5: Define the SecretProviderClass
Create a SecretProviderClass custom resource to specify how secrets are fetched from Azure Key Vault.

Step6: Deploy the Workload
Deploy your workload (e.g., a Pod) and associate it with the service account and SecretProviderClass.