GA: Azure Active Directory workload identity with AKS
In Azure Kubernetes Service (AKS) today, a preview feature allows you to assign [managed identities at the pod level](https://learn.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity). This pod-managed identity gives the hosted workload or application access to resources through Azure Active Directory (Azure AD). For example, a workload stores files in Azure Storage, and when it needs to access those files, the pod authenticates itself against the resource as an Azure managed identity.
This authentication method is now replaced with [Azure Active Directory (Azure AD) workload identities](https://learn.microsoft.com/en-us/azure/active-directory/develop/workload-identities-overview), which integrate with the Kubernetes native capabilities to federate with any external identity provider. This approach is simpler to use and deploy, and overcomes several limitations in Azure AD pod-managed identity:
* Removes the scale and performance issues that existed for identity assignment
* Supports Kubernetes clusters hosted in any cloud or on-premises
* Supports both Linux and Windows workloads
* Removes the need for Custom Resource Definitions and pods that intercept [Azure Instance Metadata Service](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/instance-metadata-service) (IMDS) traffic
* Avoids the complicated and error-prone installation steps such as cluster role assignment from the previous iteration
Azure AD workload identity works especially well with the Azure Identity client library using the [Azure SDK](https://azure.microsoft.com/downloads/) and the [Microsoft Authentication Library](https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview) (MSAL) if you're using [application registration](https://learn.microsoft.com/en-us/azure/active-directory/develop/application-model#register-an-application). Your workload can use any of these libraries to seamlessly authenticate and access Azure cloud resources.
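The following diagnostic sketch is an added example, not Microsoft's code. It checks the claims of a pod's projected service account token against what a federated identity credential is matched on (issuer, subject, audience), then builds, without sending, the token request that the libraries above issue in place of an IMDS call. The `AZURE_*` variable names are the ones the AKS workload identity webhook injects into the pod; the issuer URL, namespace, service account name and GUIDs are constructed placeholders, and the token signature is deliberately not verified.

```python
import base64, json, time

EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def jwt_claims(token):
    """Decode the JWT payload without verifying the signature (diagnostic only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def preflight(token, issuer, namespace, service_account, now=None):
    """Return the reasons the federated credential match would fail (empty = OK)."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss is {claims.get('iss')!r}, expected {issuer!r}")
    if claims.get("sub") != expected_sub:
        problems.append(f"sub is {claims.get('sub')!r}, expected {expected_sub!r}")
    if EXCHANGE_AUDIENCE not in aud:
        problems.append(f"aud {aud} lacks {EXCHANGE_AUDIENCE}")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def token_request(env, token, scope):
    """Build (url, form) for the client-credentials exchange; nothing is sent."""
    host = env["AZURE_AUTHORITY_HOST"].rstrip("/")
    url = f"{host}/{env['AZURE_TENANT_ID']}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": env["AZURE_CLIENT_ID"],
        "client_assertion_type": ASSERTION_TYPE,
        "client_assertion": token,  # the service account token replaces a client secret
        "scope": scope,
    }
    return url, form

def make_sample_token(claims):
    """Constructed, unsigned stand-in for a projected service account token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    tok = make_sample_token({"iss": "https://oidc.example.invalid/", "aud": "wrong",
                             "sub": "system:serviceaccount:default:default", "exp": 0})
    print(preflight(tok, "https://oidc.example.invalid/", "apps", "storage-reader"))
```

In a real pod, the token would be read from the path in `AZURE_FEDERATED_TOKEN_FILE` and the environment from `os.environ`.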
Learn more: <https://aka.ms/aks/workloadidentity>