I'm about to create a new Azure AKS cluster and I want to integrate AKS with Azure Key Vault. A few months ago, during the study phase, I saw that it was necessary to use Azure AD pod-managed identities to do this, but now I found that this will be replaced by Azure AD workload identity
At this point, I'm a bit confused because the first one will be replaced, but the second one is not ready for production.
Any suggestions?
ATM Azure AD pod identities is the way to go. Azure workload identity will replace AAD Pod identity as you already mentioned bcs they will solve some limitations as you can read here. I think there will be a documentation how to migrate from AAD pod identity to Azure Workload identityas soon when they want GA.
You could also use the Azure Key Vault Provider for Secrets Store CSI Driver to integrate Azure Key Vault with your AKS.
