Closed khowling closed 11 months ago
It is specific to the workload (service account) - so perhaps more relevant to https://github.com/Azure-Samples/java-aks-keyvault-tls ?
Good Shout, but we've been having issues consuming aksc in a workload repo, selecting csi&keyvault options, then configuring the workload to use it with federated identity. I cant see how its possible at the moment without the workload repo needing to create their own keyvault. This pattern need attention!
Agreed, I think the app would need their own keyvault. Rbac will become tricky.
Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.
As described here https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access#access-with-an-azure-ad-workload-identity