
I intend to use AAD Pod Identity so that my kubernetes workloads can leverage managed identities that I create in Azure.

Currently, I create my identities and role assignment through ARM templates. Afterwards, I need to create an instance of the AzureIdentity CRD, which contains a reference to the clientId of the managed identity.

I come from another cloud provider which didn't need a CRD to act on behalf of a service account, so I was wondering what's the best practice for managing this configuration?

Ideally I would like to stay within the realm of ARM templates so I wouldn't have to split up a cluster deployment in several places. However, I don't have an idea of how this would work since I need to generate a yaml that contains a reference to something that comes from other ARM templates. What's a proper way to automate this without having to crack open a script to do queries via the az cli:

  1. Deploy managed cluster + managed identities via ARM template
  2. Create an Azure Identity that is bound to one of those managed identities

I'm not sure if this is possible, but would love to see what others have done.

corgc0der
  • Do you mean something like have an output from one ARM template then use it in the next one? – Bassam Gamal Nov 25 '20 at 09:52
  • Not exactly. I know it's possible to do that using the `output` field and `reference` functions with linkedTemplates. I'm more curious about creating the `AzureIdentity` CRD on the kubernetes side of things. Like I find my yaml definitions have to depend on things that are dynamically created with arm templates – corgc0der Nov 25 '20 at 20:36
  • Unfortunately, in my case, as ARM doesn't support everything, I end up writing some script to complete the ARM work. – Bassam Gamal Nov 25 '20 at 22:14

0 Answers