Azure / kubernetes-keyvault-flexvol

Azure keyvault integration with Kubernetes via a Flex Volume
MIT License

Support system assigned and user assigned managed identity #132

Closed yangl900 closed 5 years ago

yangl900 commented 5 years ago

Reason for Change:

Allow FlexVol to use system assigned or user assigned managed identity on VM / VMSS directly without dependency on pod identity. This is preferred in some cases that we want less dependency, especially on a large scale cluster.

Tested on an AKS cluster without aad-pod-identity.

To use managed identity directly, the volume spec will specify:

usevmmanagedidentity: "true"                 # [OPTIONAL] if not provided, will default to "false"
vmmanagedidentityclientid: "clientid"       # [OPTIONAL] use the client id to specify which user assigned managed identity to use, leave empty to use system assigned managed identity

Issue Fixed:

Notes for Reviewers:
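The option semantics described above, as an added Go example that is not part of this PR or the project's code: it maps the two volume options onto the Azure Instance Metadata Service (IMDS) token request, defaulting to disabled and selecting the system-assigned identity when no client id is given or the user-assigned identity via `client_id` when one is. The option names come from the PR; the IMDS endpoint, `api-version` and `Metadata: true` header are Azure's documented interface, and the client id in `main` is a placeholder.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// IMDS token endpoint (link-local, reachable only from inside the VM) and the Key Vault audience.
const (
	imdsTokenURL     = "http://169.254.169.254/metadata/identity/oauth2/token"
	keyVaultResource = "https://vault.azure.net"
)

// managedIdentityEnabled mirrors the PR's option semantics: opt-in, default "false".
func managedIdentityEnabled(opts map[string]string) bool {
	return strings.EqualFold(strings.TrimSpace(opts["usevmmanagedidentity"]), "true")
}

// buildIMDSRequest assembles the token request for the volume options. An empty
// vmmanagedidentityclientid selects the system-assigned identity; a non-empty one pins it via client_id.
func buildIMDSRequest(opts map[string]string) (*http.Request, error) {
	if !managedIdentityEnabled(opts) {
		return nil, errors.New(`usevmmanagedidentity is not "true"`)
	}
	q := url.Values{}
	q.Set("api-version", "2018-02-01")
	q.Set("resource", keyVaultResource)
	if id := strings.TrimSpace(opts["vmmanagedidentityclientid"]); id != "" {
		q.Set("client_id", id)
	}
	req, err := http.NewRequest(http.MethodGet, imdsTokenURL+"?"+q.Encode(), nil)
	if err != nil {
		return nil, err
	}
	// IMDS rejects requests without this header, so a blindly proxied request fails.
	req.Header.Set("Metadata", "true")
	return req, nil
}

func main() {
	// Constructed options: user-assigned identity with a placeholder client id.
	req, err := buildIMDSRequest(map[string]string{"usevmmanagedidentity": "true",
		"vmmanagedidentityclientid": "00000000-0000-0000-0000-000000000000"})
	if err == nil {
		fmt.Println(req.Method, req.URL)
	}
}
```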

ritazh commented 5 years ago

Thanks for the PR @yangl900! 🎉 Just a few minor nits. Other than that, LGTM!

yangl900 commented 5 years ago

Thanks for reviewing! I updated the PR to address the comments. Please help take a look!