I am planning to assign pod identity to one of my applications. However, I am unable to understand what happens to the assigned pod identity when the pod restarts/dies on its own?
Does the pod get assigned a new identity on its own?
Not sure about your end-to-end setup configuration; however, if you are using it with a Service Account and annotating it with workload identity, it will stay there even if the pod restarts.
AZURE_AUTHORITY_HOST, azure-identity-token
will get auto-injected if the pod restarts. Instead of using a pod directly you can also use a Deployment and attach the Service Account to it.
As mentioned in the official doc, it's a service account to AAD mapping, so if your service account is there in the config with the pod or deployment it will get the secret and other values.
Azure AD Workload Identity supports the following mappings:
one-to-one (a service account referencing an AAD object).
many-to-one (multiple service accounts referencing the same AAD object).
one-to-many (a service account referencing multiple AAD objects by changing the client ID annotation).
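The point in the answer above, that the identity is bound to the Service Account rather than to any single pod, is easiest to see in the manifests. The following is an added example, not code from the original answer or from the Azure AD Workload Identity project: a Service Account carrying the workload identity annotations and a Deployment whose pods use it. The names (my-app, my-app-sa, the image) and the client-id/tenant-id values are placeholders, not real identifiers.

```yaml
# Added example: ServiceAccount annotated for Azure AD Workload Identity,
# plus a Deployment that binds its pods to that ServiceAccount.
# All names, the image, and the GUIDs below are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-app-sa                  # assumed name
  namespace: my-app                # assumed namespace
  annotations:
    # The AAD mapping lives here, on the ServiceAccount, so it survives
    # pod restarts and rescheduling; a replacement pod gets the same identity.
    azure.workload.identity/client-id: "00000000-0000-0000-0000-000000000000"  # placeholder
    azure.workload.identity/tenant-id: "11111111-1111-1111-1111-111111111111"  # placeholder
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
        # Opts the pod in to the workload identity mutating webhook, which
        # injects the AZURE_* environment variables (including
        # AZURE_AUTHORITY_HOST) and the azure-identity-token projected
        # volume on every pod creation, including after a restart.
        azure.workload.identity/use: "true"
    spec:
      serviceAccountName: my-app-sa   # binds the pod to the annotated SA
      containers:
        - name: app
          image: registry.example/my-app:1.0   # placeholder image
```

Because the mapping is on the Service Account, nothing about the identity changes when a pod dies: the webhook re-injects the same client ID and a fresh projected service account token into the new pod, and that token is short-lived and only exchangeable for an AAD token because a federated credential on the AAD application trusts this cluster's issuer and the subject `system:serviceaccount:my-app:my-app-sa`. That subject is also the least-privilege boundary to keep in mind: any pod permitted to run with that Service Account in that namespace can obtain the identity, so scope the Service Account to the one workload that needs it.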