❗ UPDATE: As of Monday 10/02/2023, AAD Pod Identity repo has been archived and is no longer maintained. The repo will be available in read-only mode. There will be no new releases. Please use Azure Workload Identity instead.
Thanks to all the contributors and users who have supported this project over the years! We hope you will continue to support us in our new project, Azure Workload Identity.
❗ IMPORTANT: As of Monday 10/24/2022, AAD Pod Identity is deprecated. As mentioned in the announcement, AAD Pod Identity has been replaced with Azure Workload Identity. Going forward, we will no longer add new features or bug fixes to this project in favor of Azure Workload Identity, which reached General Availability (GA) in Azure Kubernetes Service (AKS). We will provide CVE patches until September 2023, at which time the project will be archived. There will be no new releases after September 2023.
AAD Pod Identity enables Kubernetes applications to access cloud resources securely with Azure Active Directory.
Using Kubernetes primitives, administrators configure identities and bindings to match pods. Then without any code modifications, your containerized applications can leverage any resource in the cloud that depends on AAD as an identity provider.
Setup the correct role assignments on Azure and install AAD Pod Identity through Helm or YAML deployment files. Get familiar with our CRDs and core components.
Try our walkthrough to get a better understanding of the application workflow.
Currently, AAD Pod Identity releases on a monthly basis to patch security vulnerabilities, targeting the first week of the month. Refer to Release Cadence for more details.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
aad-pod-identity is an open source project that is not covered by the Microsoft Azure support policy. Please search open issues here, and if your issue isn't already represented please open a new one. The project maintainers will respond to the best of their abilities.