Open Leaf-Lin opened 2 years ago
Pinging @elastic/es-distributed (Team:Distributed)
I put together a POC on a fork here.
First time working in Java, and this repo is pretty complicated, but it's working for me. Maybe somebody could take over who is more familiar, or help me work through some of the non-code changes needed.
I think it could be done more cleanly by adding new settings and whatnot, but as a first time contribution, that wasn't as well documented at first glance.
Bump? Any thoughts, should I open a PR?
I would try a PR, then it gets more visible to the maintainers ;-)
@artificial-aidan Any PR out yet?
No, but I've been running the code in production since I made this issue, no problems.
You mean you've been running a build from your repo/branch, containing your changes to support workload identity, in production? If yes, can you provide some more details - does it work with AKS having pod identities as well? Thanks!
I do not use pod identities, but it might work. It just uses the default methods of loading credentials. For workload identities it works fine.
Description
Microsoft is recommending Managed Identities as a superior way of authorizing access.
A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials.
Azure Blob Storage supports Azure Active Directory (Azure AD) authentication with managed identities for Azure resources. Managed identities for Azure resources can authorize access to blob data using Azure AD credentials from applications running in Azure virtual machines (VMs), function apps, virtual machine scale sets, and other services. By using managed identities for Azure resources together with Azure AD authentication, you can avoid storing credentials with your applications that run in the cloud.
I think this issue is different from https://github.com/elastic/elasticsearch/issues/69075 where it requests https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity for Kubernetes Service only. But if we can resolve these two issues with a similar approach, that would be great.
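To make the contrast in the description concrete, here is an added example (not the POC's code and not Elasticsearch's own Azure repository implementation) of the two authentication paths side by side using the Azure SDK for Java: a long-lived storage account key stored with the application versus an Azure AD token obtained through the managed identity / workload identity chain. The helper name `AzureRepositoryAuth`, its parameters and the `AZURE_STORAGE_ACCOUNT` variable are assumptions for the example.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.blob.BlobServiceClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import com.azure.storage.common.StorageSharedKeyCredential;

/** Hypothetical helper: use shared-key auth only when a key is configured, otherwise the Azure AD chain. */
public final class AzureRepositoryAuth {

    public static BlobServiceClient buildClient(String accountName, String accountKey, String managedIdentityClientId) {
        BlobServiceClientBuilder builder = new BlobServiceClientBuilder()
                .endpoint("https://" + accountName + ".blob.core.windows.net");

        if (accountKey != null && !accountKey.isEmpty()) {
            // Legacy path: a static account key grants full access to the account and has to be
            // stored, distributed and rotated by the application operator.
            return builder.credential(new StorageSharedKeyCredential(accountName, accountKey)).buildClient();
        }

        // Managed identity path: no secret is stored by the application. DefaultAzureCredential walks a
        // chain that (in recent azure-identity releases) covers AKS workload identity via the injected
        // AZURE_CLIENT_ID / AZURE_TENANT_ID / AZURE_FEDERATED_TOKEN_FILE variables and the IMDS
        // managed-identity endpoint on VMs and scale sets, so the same code runs in both environments.
        DefaultAzureCredentialBuilder credentialBuilder = new DefaultAzureCredentialBuilder();
        if (managedIdentityClientId != null && !managedIdentityClientId.isEmpty()) {
            // Only needed when the VM or pod has several user-assigned identities attached.
            credentialBuilder.managedIdentityClientId(managedIdentityClientId);
        }
        TokenCredential tokenCredential = credentialBuilder.build();
        return builder.credential(tokenCredential).buildClient();
    }

    public static void main(String[] args) {
        // No key passed: the identity assigned to the VM/pod must hold a Storage Blob Data role on the account.
        BlobServiceClient client = buildClient(System.getenv("AZURE_STORAGE_ACCOUNT"), null, null);
        client.listBlobContainers().forEach(container -> System.out.println(container.getName()));
    }
}
```

Access failures on the managed-identity path show up as 403 responses from Blob Storage rather than credential errors, so check the identity's role assignment on the storage account first when debugging.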