Identity control is one of the most critical security requirements for any application: not only control of the identities used to access your application, but also control of the identities your application uses to access other systems. In this workshop we'll work through enabling Azure Active Directory Workload Identity on an AKS cluster and using that identity from an application.
Make sure the following are complete before moving on:
- Cluster is provisioned and accessible via 'kubectl'
- The new Azure Workload Identity feature must be enabled on the existing AKS cluster
- A new Managed Identity should be created in the cluster resource group
- A new Kubernetes Service Account must be created in a new namespace
- The Managed Identity and Service Account must be federated using the cluster OIDC Issuer
- Via custom code, you must demonstrate an authenticated connection to an AAD auth-enabled endpoint that retrieves data
Workshop steps:
- Enable the cluster for AAD Workload Identity
- Create the AAD side and cluster side identities
- Configure an AAD enabled target for testing
- Write the code to test your Workload Identity setup
- Deploy the application to your AKS cluster and demonstrate its operation
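As an added example (not the workshop's own code) of the client side of the "write the code" step: a small Python module that reads the projected service account token the Workload Identity webhook mounts into the pod, checks its claims against what the Managed Identity's federated credential expects, and exchanges it for an AAD access token with a client-assertion grant. The environment variable names, token path and `api://AzureADTokenExchange` audience are the ones the webhook uses; the namespace, service account name and issuer URL used in the checks are constructed placeholders.

```python
import base64, json, os, urllib.parse, urllib.request

# Environment the Workload Identity webhook injects into the pod (defaults are placeholders).
TOKEN_FILE = os.environ.get("AZURE_FEDERATED_TOKEN_FILE", "/var/run/secrets/azure/tokens/azure-identity-token")
AUTHORITY = os.environ.get("AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com/")
EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"  # audience the federated credential is created for

def decode_jwt_claims(token):
    # Read the payload without verifying the signature; AAD verifies it against the
    # cluster OIDC issuer during the exchange. We only inspect the claims here.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def check_projected_token(token, namespace, service_account, issuer):
    # Compare the token with the federated credential's issuer, subject and audience.
    # An empty list means the token will match; each entry names a mismatch.
    claims = decode_jwt_claims(token)
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    want_sub = f"system:serviceaccount:{namespace}:{service_account}"
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != {issuer!r}")
    if claims.get("sub") != want_sub:
        problems.append(f"sub {claims.get('sub')!r} != {want_sub!r}")
    if EXCHANGE_AUDIENCE not in aud:
        problems.append(f"aud {aud!r} lacks {EXCHANGE_AUDIENCE!r}")
    return problems

def build_token_request(tenant_id, client_id, assertion, scope):
    # Client-credentials grant where the projected token is the client assertion (no secret).
    url = f"{AUTHORITY.rstrip('/')}/{tenant_id}/oauth2/v2.0/token"
    body = {"grant_type": "client_credentials", "client_id": client_id, "scope": scope,
            "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            "client_assertion": assertion}
    return url, body

def fetch_access_token(tenant_id, client_id, scope):
    # Performs the real exchange; only works inside a pod with the identity configured.
    with open(TOKEN_FILE) as f:
        assertion = f.read().strip()
    url, body = build_token_request(tenant_id, client_id, assertion, scope)
    req = urllib.request.Request(url, data=urllib.parse.urlencode(body).encode(), method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]

def make_unsigned_test_token(claims):
    # Constructed, unsigned JWT for offline tests only; AAD would reject it.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

Running `check_projected_token` against the mounted token before calling `fetch_access_token` turns the usual opaque AAD "AADSTS" exchange failure into a named mismatch (wrong namespace, wrong service account, or wrong issuer URL on the federated credential).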
Useful links: