Update docs on Azure identity #1167
Conversation
| @@ -233,6 +233,12 @@ by extension gain access to ACR. | |||
| When the kubelet managed identity has access to ACR, source-controller running on | |||
| it will also have access to ACR. | |||
|
|
|||
| *Note*: If you have more identity configured on the cluster, you have to specify which one to use | |||
There was a problem hiding this comment.
| *Note*: If you have more identity configured on the cluster, you have to specify which one to use | |
| *Note*: If you have more than one identity configured on the cluster, you have to specify which one to use |
| To use Workload Identity, you have to install the Workload Identity | ||
| mutating webhook and create an identity that has access to ACR. Next, establish | ||
| To use Workload Identity, the Workload Identity mutating webhook has to be installed on your cluster and | ||
| you have tocreate an identity that has access to ACR. Next, establish |
There was a problem hiding this comment.
| you have tocreate an identity that has access to ACR. Next, establish | |
| you have to create an identity that has access to ACR. Next, establish |
| @@ -224,7 +224,7 @@ to the IAM role when using IRSA. | |||
|
|
|||
| #### Azure | |||
|
|
|||
| The `azure` provider can be used to authenticate automatically using kubelet managed | |||
| The `azure` provider can be used to authenticate automatically using workload identity, kubelet managed | |||
There was a problem hiding this comment.
| The `azure` provider can be used to authenticate automatically using workload identity, kubelet managed | |
| The `azure` provider can be used to authenticate automatically using Workload Identity, kubelet managed |
| a federated identity between the source-controller ServiceAccount and the | ||
| identity. Patch the source-controller Pod and ServiceAccount as shown in the patch | ||
| above. Please take a look at this [guide](https://azure.github.io/azure-workload-identity/docs/quick-start.html#6-establish-federated-identity-credential-between-the-identity-and-the-service-account-issuer--subject). | ||
|
|
||
| ##### AAD Pod Identity | ||
| ##### AAD Pod Identity - Deprecated! |
There was a problem hiding this comment.
| ##### AAD Pod Identity - Deprecated! | |
| ##### Deprecated: AAD Pod Identity |
|
Also, these changes would apply to OCIRepository and Bucket spec docs too. |
| ##### AAD Pod Identity | ||
| ##### Deprecated: AAD Pod Identity | ||
|
|
||
| **Note:** The AAD Pod Identity project will be archived in [September 2023](https://github.com/Azure/aad-pod-identity#-announcement), |
There was a problem hiding this comment.
Should we have warnings instead of notes for deprecation?
There was a problem hiding this comment.
We can follow the docs style guide
https://fluxcd.io/contributing/docs/style-guide/#warning
There was a problem hiding this comment.
Since these docs are used in the docs site, it may be better to use all the shortcodes. But then that'll not be a standard markdown document and I think at present, the spec docs are just standard markdown documents.
We may have to collectively decide what to do about it and update all the docs to use the shortcodes if we go with the docs style guide.
There was a problem hiding this comment.
I have changed it to use markdown with Warning instead
Signed-off-by: Somtochi Onyekwere <[email protected]>
somtochiama
force-pushed
the
azure-docs
branch
from
6b80284
to
fb2c74d
Compare
No description provided.