Using Azure Pod Identity

As described in Namespace Onboarding, your team namespace is initialized with an Azure AD Pod Identity that can be used to securely access resources in Azure. This guide shows how to bind that Pod Identity to your Deployment.

Get identity name

Execute the following command to get the names of the identities available in your team namespace:

kubectl get azureidentity -o jsonpath='{.items[].metadata.name}' -n your-team-namespace

Bind the identity to your Deployment

Use the name acquired in the previous step to bind your Pod Identity to your Deployment by setting the label aadpodidbinding:

deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: "your-team-namespace"
  name: "test-app"
  labels:
    app: "test-app"
spec:
  selector:
    matchLabels:
      app: "test-app"
  template:
    metadata:
      name: "test-app"
      labels:
        aadpodidbinding: "your-team-pod-identity" # Change this
        app: "test-app"
    spec:
      containers:
        - name: "test-app"
          image: "gjensidige.azurecr.io/test-app:12345"

Your Deployment is now ready to use Azure AD Pod Identity 🚀
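To confirm the binding from the steps above, the following added example (not part of the original guide or the platform's tooling) checks that the aadpodidbinding label sits on the pod template rather than only on the Deployment, and that an AzureIdentityBinding selects it. It assumes the upstream AAD Pod Identity AzureIdentityBinding fields spec.selector and spec.azureIdentity; the binding name and all sample data are constructed, and in practice the inputs would come from kubectl get ... -o json.

```python
import json

LABEL = "aadpodidbinding"

def check_binding(deployment, bindings, identity_names):
    """Return a list of problems; an empty list means the binding is consistent."""
    top = deployment.get("metadata", {}).get("labels") or {}
    tmpl = deployment.get("spec", {}).get("template", {}).get("metadata", {})
    value = (tmpl.get("labels") or {}).get(LABEL)
    if value is None:
        # Common mistake: labelling the Deployment object instead of its pods.
        if LABEL in top:
            return [f"{LABEL} is only on the Deployment's metadata; "
                    "move it to spec.template.metadata.labels"]
        return [f"pod template has no {LABEL} label"]
    problems = []
    matches = [b for b in bindings if b.get("spec", {}).get("selector") == value]
    if not matches:
        problems.append(f"no AzureIdentityBinding selects {LABEL}={value!r}")
    for b in matches:
        target = b.get("spec", {}).get("azureIdentity")
        if target not in identity_names:
            problems.append(f"binding points at unknown AzureIdentity {target!r}")
    return problems

# Constructed sample data, shaped like items from `kubectl get <kind> -o json`.
SAMPLE_BINDINGS = json.loads("""[
  {"kind": "AzureIdentityBinding",
   "metadata": {"name": "your-team-pod-identity-binding"},
   "spec": {"azureIdentity": "your-team-pod-identity",
            "selector": "your-team-pod-identity"}}
]""")
SAMPLE_IDENTITIES = ["your-team-pod-identity"]

def sample_deployment(template_labels, top_labels=None):
    """Build a minimal Deployment dict for the demo (constructed)."""
    return {"kind": "Deployment",
            "metadata": {"name": "test-app", "labels": top_labels or {"app": "test-app"}},
            "spec": {"template": {"metadata": {"labels": template_labels}}}}

if __name__ == "__main__":
    good = sample_deployment({"app": "test-app", LABEL: "your-team-pod-identity"})
    misplaced = sample_deployment({"app": "test-app"},
                                  {"app": "test-app", LABEL: "your-team-pod-identity"})
    typo = sample_deployment({"app": "test-app", LABEL: "your-team-pod-identty"})
    for name, dep in [("good", good), ("misplaced", misplaced), ("typo", typo)]:
        print(name, check_binding(dep, SAMPLE_BINDINGS, SAMPLE_IDENTITIES) or "OK")
```
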

Useful Azure resources on using Pod Identity

Official Documentation