MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Bicep/ARM template for workload identity #103627

Closed chitturs closed 1 year ago

chitturs commented 1 year ago

Can we document bicep/ARM templates for automated, safe deployments?

Thanks



YashikaTyagii commented 1 year ago

@chitturs Thanks for your feedback! We will investigate and update as appropriate.

AjayBathini-MSFT commented 1 year ago

Hi @chitturs Could you please find below link for your reference. https://learn.microsoft.com/en-us/azure/templates/

chitturs commented 1 year ago

> Hi @chitturs Could you please find below link for your reference. https://learn.microsoft.com/en-us/azure/templates/

Hey @AjayBathini-MSFT, I was looking for a specific sample showing a bicep template instead of az for both cluster creation with oidc and workloadid addons and federated credentials for managed identity. In addition, show samples of helm charts needed for the pod labels, annotations, service accounts, etc.

AjayBathini-MSFT commented 1 year ago

Hi @chitturs As per my research, I have found two links for the above query which can be helpful. If you need any further assistance, you can reach out to the support team. https://learn.microsoft.com/en-us/azure/templates/microsoft.operationalinsights/clusters?pivots=deployment-language-bicep https://learn.microsoft.com/en-us/azure/templates/microsoft.managedidentity/userassignedidentities?pivots=deployment-language-arm-template

Support Link: I'd recommend working closer with our support team via an [Azure support request](https://docs.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request).

miqm commented 1 year ago

👍🏻 on this.

The links you've provided do not provide how to create federated identity on the managed identity. Limiting this to a CLI task (and not even a PowerShell) is a bit problematic.

Please extend the documentation to flow with Bicep and PowerShell.

AjayBathini-MSFT commented 1 year ago

Hi @miqm

To create federated identity on the managed identity we found the link for your reference. I

https://learn.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust-user-assigned-managed-identity?pivots=identity-wif-mi-methods-azp#:~:text=the%20following%20steps.-,Configure%20a%20federated%20identity%20credential%20on%20a%20user%2Dassigned%20managed%20identity,In%20the%20Federated%20credential%20scenario%20dropdown%20box%2C%20select%20your%20scenario.,-GitHub%20Actions%20deploying

miqm commented 1 year ago

The link you provided is for using portal action. Please update the docs with bicep code if it's possible or explicitly say that you can't do this with ARM/Bicep.

AjayBathini-MSFT commented 1 year ago

@miqm I'm going to assign this to the document author so they can take a look at it accordingly.

@MGoedtel Can you please check and add your comments on this doc update request as applicable.

MGoedtel commented 1 year ago

@chitturs - Thanks for your inquiry. Here is an Azure Solution sample demonstrating how to deploy an AKS cluster with Workload Identity for a .NET-based application workload. It includes ARM/Bicep templates to accomplish this enterprise-grade configuration that is based on Workload Identity preview. You can evaluate if this fits your needs.

We are planning to publish a similar how-to guide after GA of this feature. Stay tuned.

I'm going to proceed with closing this GitHub issue as this isn't based on a specific issue identified with our existing documentation. #please-close
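
The configuration requested in this thread, as an added example (it is not from the thread, from Microsoft's documentation, or from the linked solution sample): Bicep that enables the OIDC issuer and the workload identity add-on on an AKS cluster and creates a federated identity credential on a user-assigned managed identity. Resource names, the VM size, the namespace and service account name, and the API versions are assumptions.

```bicep
// Added example. All parameter defaults are hypothetical placeholders.
param location string = resourceGroup().location
param clusterName string = 'aks-wi-demo'
param identityName string = 'id-workload-demo'
param serviceAccountNamespace string = 'default'
param serviceAccountName string = 'workload-sa'

resource aks 'Microsoft.ContainerService/managedClusters@2024-02-01' = {
  name: clusterName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    dnsPrefix: clusterName
    agentPoolProfiles: [
      {
        name: 'system'
        mode: 'System'
        count: 1
        vmSize: 'Standard_DS2_v2'
        osType: 'Linux'
      }
    ]
    // Cluster publishes an OIDC discovery document that Microsoft Entra ID can trust.
    oidcIssuerProfile: {
      enabled: true
    }
    // Installs the webhook that projects service account tokens into labelled pods.
    securityProfile: {
      workloadIdentity: {
        enabled: true
      }
    }
  }
}

resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: identityName
  location: location
}

// Trust is scoped to exactly one issuer and one namespace/service account pair.
resource fic 'Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials@2023-01-31' = {
  parent: uami
  name: 'aks-${serviceAccountNamespace}-${serviceAccountName}'
  properties: {
    issuer: aks.properties.oidcIssuerProfile.issuerURL
    subject: 'system:serviceaccount:${serviceAccountNamespace}:${serviceAccountName}'
    audiences: [
      'api://AzureADTokenExchange'
    ]
  }
}

// Value for the service account's azure.workload.identity/client-id annotation.
output clientId string = uami.properties.clientId
```

The `subject` is matched exactly, so a service account in a different namespace or with a different name cannot obtain tokens for this identity. On the Kubernetes side, the service account carries the `azure.workload.identity/client-id` annotation and the pod carries the `azure.workload.identity/use: "true"` label.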