Update the CSI Secret Identity to use a BYO Managed User and Setup the required federation

Question

Update the CSI Secret Identity to use a BYO Managed User and Setup the required federation

khowling opened this issue 9 months ago · comments

As described here
https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access#access-with-an-azure-ad-workload-identity

Gordon Byers · Answer 1 · Sun Aug 13 2023 19:08:06 GMT+0800 (China Standard Time)

It is specific to the workload (service account) - so perhaps more relevant to https://github.com/Azure-Samples/java-aks-keyvault-tls ?

Keith Howling · Answer 2 · Mon Aug 14 2023 02:03:58 GMT+0800 (China Standard Time)

Good Shout, but we've been having issues consuming aksc in a workload repo, selecting csi&keyvault options, then configuring the workload to use it with federated identity. I cant see how its possible at the moment without the workload repo needing to create their own keyvault. This pattern need attention!

Gordon Byers · Answer 3 · Tue Aug 15 2023 04:01:10 GMT+0800 (China Standard Time)

Agreed, I think the app would need their own keyvault. Rbac will become tricky.

github-actions · Answer 4 · Thu Sep 14 2023 17:25:50 GMT+0800 (China Standard Time)

Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.