Azure / secrets-store-csi-driver-provider-azure

Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
https://azure.github.io/secrets-store-csi-driver-provider-azure/
MIT License

[Feature Request] Avoid using a Kubernetes Secret to provide Service Principal credentials #318

Closed chirangaalwis closed 2 years ago

chirangaalwis commented 3 years ago

Describe the solution you'd like

Currently, in the approach using a Service Principal for integrating the Key Vault with the AKS cluster, it is required to provide the Service Principal credentials via a Kubernetes Secret.

As you may know already, the native Kubernetes Secret usage can lead to problems.

Thus, in this request we would like to propose an approach which binds the Service Principal to Kubernetes Service Accounts within an AKS cluster.

The AKS-based feature request for this can be found at https://github.com/Azure/AKS/issues/1948, as reported by @dhananjaya-senanayake. This issue contains a perfect description of the request.

It would be highly appreciated if we can consider this of high priority, as this is a basic requirement, as per my understanding.

phillipgibson commented 3 years ago

Thanks @chirangaalwis. We are currently looking at new architectures for auth assignments. Please stay tuned for updates.

chirangaalwis commented 3 years ago

Thanks @phillipgibson, appreciate the quick response. Please let us know of any update channels which we can stay tuned to.

aramase commented 2 years ago

Azure Key Vault Provider for Secrets Store CSI Driver release v1.1.0 supports workload identity federation for accessing Key Vault. Refer to https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/configurations/identity-access-modes/workload-identity-mode/ for how to set up and access Key Vault based on OIDC federation.
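To make the difference between the two approaches discussed in this thread concrete, the following is an added illustration (not part of the issue, and not the project's own sample manifests). The first half shows the Service Principal mode the reporter objects to, where a long-lived client secret sits in a Kubernetes Secret that the CSI driver reads through `nodePublishSecretRef`. The second half shows the workload identity mode referenced in the last comment, where the pod's projected service account token is federated to an Azure identity and no client secret exists in the cluster at all. The Key Vault name, client ID, tenant ID and service account name are placeholders to be replaced; the `clientID`, `usePodIdentity`, `useVMManagedIdentity` and `objects` parameters and the `azure.workload.identity/*` label and annotation are the provider's and the Azure workload identity webhook's documented keys.

```yaml
# ---------------------------------------------------------------------------
# WEAK SETTING: Service Principal mode (credentials live in a Kubernetes Secret)
# ---------------------------------------------------------------------------
# Anyone who can read this Secret (RBAC, etcd backup, node compromise) holds a
# reusable, long-lived credential for the Key Vault. Placeholder values below.
apiVersion: v1
kind: Secret
metadata:
  name: secrets-store-creds
  labels:
    secrets-store.csi.k8s.io/used: "true"   # required so the driver may read it
type: Opaque
stringData:
  clientid: "<SERVICE_PRINCIPAL_CLIENT_ID>"       # placeholder
  clientsecret: "<SERVICE_PRINCIPAL_CLIENT_SECRET>" # placeholder, long-lived
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kv-service-principal
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "false"
    keyvaultName: "<KEYVAULT_NAME>"   # placeholder
    tenantId: "<TENANT_ID>"           # placeholder
    objects: |
      array:
        - |
          objectName: db-password
          objectType: secret
---
apiVersion: v1
kind: Pod
metadata:
  name: app-with-sp
spec:
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
      volumeMounts:
        - name: secrets-store
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-kv-service-principal
        nodePublishSecretRef:
          name: secrets-store-creds   # the Secret the reporter wants to avoid
---
# ---------------------------------------------------------------------------
# CORRECTED SETTING: workload identity mode (OIDC federation, no stored secret)
# ---------------------------------------------------------------------------
# The service account token projected into the pod is exchanged for an Azure
# access token. No client secret is stored in the cluster; revoking access is a
# matter of removing the federated credential or the Key Vault role assignment.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: workload-identity-sa           # placeholder name
  annotations:
    azure.workload.identity/client-id: "<USER_ASSIGNED_IDENTITY_CLIENT_ID>"  # placeholder
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kv-workload-identity
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    clientID: "<USER_ASSIGNED_IDENTITY_CLIENT_ID>"   # placeholder; selects the federated identity
    keyvaultName: "<KEYVAULT_NAME>"   # placeholder
    tenantId: "<TENANT_ID>"           # placeholder
    objects: |
      array:
        - |
          objectName: db-password
          objectType: secret
---
apiVersion: v1
kind: Pod
metadata:
  name: app-with-workload-identity
  labels:
    azure.workload.identity/use: "true"   # webhook injects the projected token
spec:
  serviceAccountName: workload-identity-sa
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image
      volumeMounts:
        - name: secrets-store
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-kv-workload-identity
        # no nodePublishSecretRef: nothing secret is stored in the cluster
```

A quick check after switching modes is that no Secret carrying a `clientsecret` key remains in the namespace (for example `kubectl get secret -o yaml | grep clientsecret` should return nothing) and that the pod's projected token volume is present, which confirms the federation path rather than the stored credential is in use.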