docs: add note about pod identity deprecation
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
aramase committed Nov 9, 2022
1 parent 384c8e7 commit c973e50
Showing 2 changed files with 8 additions and 6 deletions.
Expand Up @@ -11,9 +11,9 @@ description: >

Following order of access modes is recommended for Secret Store CSI driver AKV provider:

| Access Option | Comment |
| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Workload Identity (Preview) [**RECOMMENDED**] | This is currently in preview. It's a secure way to access Key Vault based on the [Workload Identity Federation](https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation). |
| Pod Identity | This is the most secure way to get access to Azure resources (AKV in this case) as it uses the managed identity bound to the Pod. |
| Managed Identities (System-assigned and User-assigned) | Managed identities eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to Azure Keyvault. |
| Service Principal | This is the last option to consider while connecting to AKV as access credentials need to be created as Kubernetes Secret and stored in plain text in etcd. |
| Access Option | Comment |
| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Workload Identity (Preview) [**RECOMMENDED**] | This is the most secure way to access Key Vault based on the [Workload Identity Federation](https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation). |
| Pod Identity [**NOT RECOMMENDED**] | [AAD Pod Identity](https://github.com/Azure/aad-pod-identity) has been [DEPRECATED](https://github.com/Azure/aad-pod-identity#-announcement).<br>This provides a way to get access to Azure resources (AKV in this case) using the managed identity bound to the Pod.</br> |
| Managed Identities (System-assigned and User-assigned) | Managed identities eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to Azure Keyvault. |
| Service Principal | This is the last option to consider while connecting to AKV as access credentials need to be created as Kubernetes Secret and stored in plain text in etcd. |
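Review bot: the intro line above this table says the rows are in recommended order, yet the row now marked `[**NOT RECOMMENDED**]` (Pod Identity) still sits second, above Managed Identities and Service Principal; consider moving the deprecated Pod Identity row to the bottom of the table, or rewording the intro so readers do not take row position as a ranking. Two smaller points in the same row: `</br>` is not a valid closing tag (`<br>` is a void element) and will be passed through as text by many Markdown renderers, so use a single `<br>` or a `<br/>`; and the cell states the deprecation but, unlike the note added in the other file, does not say what to use instead, so appending "Use Workload Identity instead." would make the table self-contained. The "(Preview)" label is still on the Workload Identity row while its comment was changed from "currently in preview" to "the most secure way"; that is consistent as long as the preview label stays, but the two should be updated together when Workload Identity reaches GA.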
Expand Up @@ -68,6 +68,8 @@ spec:

## Configure AAD Pod Identity to access Keyvault

> NOTE: [AAD Pod Identity](https://github.com/Azure/aad-pod-identity) has been [DEPRECATED](https://github.com/Azure/aad-pod-identity#-announcement). We recommend using [Workload Identity](../workload-identity-mode) instead.
**Prerequisites**

💡 Make sure you have installed pod identity to your Kubernetes cluster
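Review bot: the new `> NOTE:` blockquote is immediately followed by `**Prerequisites**` with no blank line between them, so under CommonMark lazy continuation the `**Prerequisites**` heading line becomes part of the blockquote and renders inside the note; add a blank line after the `> NOTE:` line. The note also links to `../workload-identity-mode` as a relative path, which this diff does not show exists; worth confirming that page name matches the sibling document so the link does not 404 on the rendered site.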
