microsoft / azure-pipelines-agent

Azure Pipelines Agent 🚀
MIT License

[enhancement]: add support for using JWT bearer authentication for Configure step #4599

Closed daandupauinspark closed 7 months ago

daandupauinspark commented 9 months ago

As added in #4255:

Can the option be added to use 'client_assertion' jwt-bearer authentication?

If this is added we can use Kubernetes Workload Identity supplied JWT tokens for authentication for the registration step. This would eliminate the need to set up automatic renewal mechanisms for PATs and client secrets.

The JWT token is normally injected through a file which is referenced by the environment variable AZURE_FEDERATED_TOKEN_FILE

As for the endpoint to use: AZURE_AUTHORITY_HOST

(or something through MSAL library?) This is also described here: https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview?tabs=dotnet
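The flow the request describes, as an added example that is not part of this issue or of the agent's code base: read the projected token from AZURE_FEDERATED_TOKEN_FILE, check it locally, and build the client_credentials request to AZURE_AUTHORITY_HOST with the token as the client_assertion (RFC 7523 section 2.2) instead of a client secret. The AZURE_CLIENT_ID and AZURE_TENANT_ID variables, the api://AzureADTokenExchange audience and the Azure DevOps resource ID used in the scope are assumptions taken from the workload identity and Azure DevOps documentation, not from this issue; the sample token, its HS256 key and its issuer are constructed so the script runs offline.

```python
"""Added example: exchanging a Kubernetes workload identity token for an Entra ID
access token with the OAuth 2.0 client_assertion (jwt-bearer) flow."""
import base64
import hashlib
import hmac
import json
import os
import time
import urllib.parse
import urllib.request

CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
# Assumption: audience Entra ID expects on a federated (workload identity) token.
TOKEN_EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"
# Assumption: resource app ID of Azure DevOps; "<id>/.default" requests a token for it.
AZURE_DEVOPS_SCOPE = "499b84ac-1321-427f-aa17-267ca6975798/.default"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Return the claims of a compact JWS without verifying its signature.
    The client cannot verify a federated token; Entra ID does that against the
    cluster's OIDC issuer keys. Decoding here only lets us fail fast locally."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def assertion_is_usable(claims: dict, now: int, audience: str = TOKEN_EXCHANGE_AUDIENCE, skew: int = 60) -> bool:
    """Reject a projected token that is expired (with clock skew) or minted for another audience."""
    aud = claims.get("aud")
    aud_ok = audience in aud if isinstance(aud, list) else aud == audience
    return aud_ok and claims.get("exp", 0) > now + skew


def read_federated_token(path: str) -> str:
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def build_token_request(authority_host: str, tenant_id: str, client_id: str, assertion: str, scope: str = AZURE_DEVOPS_SCOPE):
    """Client-credentials request carrying the federated token as client_assertion;
    note there is no client_secret anywhere in the body."""
    url = f"{authority_host.rstrip('/')}/{tenant_id}/oauth2/v2.0/token"
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "scope": scope,
        "client_assertion_type": CLIENT_ASSERTION_TYPE,
        "client_assertion": assertion,
    }
    return url, body


def request_access_token(url: str, body: dict) -> dict:
    data = urllib.parse.urlencode(body).encode()
    req = urllib.request.Request(url, data=data, headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


def make_sample_token(claims: dict, key: bytes = b"constructed-demo-key") -> str:
    """Constructed sample token for offline runs (HS256 with a demo key; a real cluster issuer signs with RS256)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


if __name__ == "__main__":
    # Assumption: the workload identity webhook injects AZURE_CLIENT_ID and AZURE_TENANT_ID
    # alongside the two variables named in the issue.
    token_path = os.environ.get("AZURE_FEDERATED_TOKEN_FILE")
    if token_path:
        assertion = read_federated_token(token_path)
    else:  # no projected token: use a constructed sample so the script still runs offline
        assertion = make_sample_token({
            "iss": "https://oidc.example.test/constructed/",
            "sub": "system:serviceaccount:pipelines:agent",
            "aud": TOKEN_EXCHANGE_AUDIENCE,
            "exp": int(time.time()) + 3600,
        })
    claims = decode_jwt_claims(assertion)
    if not assertion_is_usable(claims, int(time.time())):
        raise SystemExit(f"federated token unusable: aud={claims.get('aud')} exp={claims.get('exp')}")
    url, body = build_token_request(
        os.environ.get("AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com"),
        os.environ.get("AZURE_TENANT_ID", "<tenant-id>"),
        os.environ.get("AZURE_CLIENT_ID", "<client-id>"),
        assertion,
    )
    print("POST", url)
    print({k: (v[:16] + "..." if k == "client_assertion" else v) for k, v in body.items()})
    if token_path:  # only contact the authority when a real projected token exists
        print(request_access_token(url, body)["token_type"])
```

The local check is deliberately shallow: the agent has no key to verify the cluster issuer's signature, so it only screens for an expired or mis-audienced token before spending a round trip, and the authority remains the party that validates the assertion. The projected token is a bearer credential for the exchange, so it should be treated like a secret and never written to logs in full.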

vmapetr commented 9 months ago

Hi @daandupauinspark, thanks for reporting! We are working on more prioritized issues at the moment, but will get back to this one soon.