Task: Modify Managed Identity script to have option to create identity, and not deploy aad-pod-identity #1123
Labels
low-priority
Low priority item. We'll get to it eventually.
Comments
jananivMS
added
low-priority
|
I would like to add that user can have aad-pod-identity already deployed in the cluster and the only thing needed in that case is to specify which managed identity to use without any dependency installation. Besides that this will allow aad pod identity to be updated separately faster than ASO maintainers update it the chart. |
|
I removed the existing script entirely in favor of clearly documenting how to create an identity (if needed). This allows customers more freedom to pick exactly the permissions they want to assign to the identity. See: https://github.com/Azure/azure-service-operator/blob/master/docs/howto/managedidentity.md |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the managed identity script will provision a managed identity, assign it permissions, and then install and create the required aad-pod-identity components into the cluster.
It would be useful to give the script functionality, perhaps with a flag, to provision the identity and permissions, and then print out the resource and client ID to the command line for the user.
The user would then be able to take the output client and resource ID and be able to use it with the Helm Chart.
The managed identity docs also do not provide manual instructions anymore on how to create a managed identity:
https://github.com/Azure/azure-service-operator/blob/master/docs/howto/managedidentity.md
Done criteria
This is the "done" criteria for this task
The text was updated successfully, but these errors were encountered: