yes, that is exactly right. RBAC on key vault is a bit less granular than access policies, but i believe azure wants to move towards rbac for all things anyways
i have created workload-identity-sa like this apiVersion: v1 kind: ServiceAccount metadata: annotations: azure.workload.identity: XXX-XXXX-XXX-XXXX labels: azure.workload.identity/use: "true" name: workload-identity-sa namespace: backend-services via yaml from kubernetes ,but its not created and after running this. i am deploying pods into Cluster getting error like Azure.Identity.AuthenticationFailedException: ClientAssertionCredential authentication failed: AADSTS70021: No matching federated identity record found for presented assertion.
I am getting this error --> F1206 09:02:03.164100 1 main.go:15] KEYVAULT_URL environment variable is not set
It is asking for many parameter for env which include federated file, how did you not get that value?
Enable workload identity feature is in preview and not prod ready yet. Can any share the video to setup same using open source project.
can you give the managed identity RBAC roles on the keyvault instead of using Access Policies? ?
yes, that is exactly right. RBAC on key vault is a bit less granular than access policies, but i believe azure wants to move towards rbac for all things anyways
Thanks for video. Was excellent
Great VIDEO! sir would you please tell me that how can i set these env variables in Azure CLI? I am stuck here
i have created workload-identity-sa like this
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
azure.workload.identity: XXX-XXXX-XXX-XXXX
labels:
azure.workload.identity/use: "true"
name: workload-identity-sa
namespace: backend-services
via yaml from kubernetes ,but its not created
and after running this. i am deploying pods into Cluster getting error like Azure.Identity.AuthenticationFailedException: ClientAssertionCredential authentication failed: AADSTS70021: No matching federated identity record found for presented assertion.