Azure AD Workload Identity uses Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods.

This guide demonstrates creating a Kubernetes private cluster in Google Kubernetes Engine (GKE) running a sample Kubernetes workload that connects to a Cloud SQL instance using the cloud-sql-proxy "sidecar" authenticated using Workload Identity (Beta).

Securely access AWS services from GKE cluster

Example setup of workload-identity into a Kubernetes cluster on GCP - https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Deploy an Azure Function Service Bus trigger using KEDA Add-on for AKS for scaling and connecting to Azure Service Bus using workload identity for AKS.

Script and container demonstrating SAML SSO for google apps domains

.net library with extensions for passwordless authentication to Azure Database for MySql and Azure Database for PostgreSQL

SPIFFE Demo Application

Azure Identity Scripts for Entra ID & Azure DevOps Service Connections

GKE IAM role and workload identity sample project

Identity Manager Operator

Provisions a Google Kubernetes Engine, along with ArgoCD to bootstrap the cluster with applications

End to end example using Batec extensions to connect to PostgreSQL and MySql using passwordless authentication.

Terraform-managed Azure Service Connection

Kubernetes Helm Chart for HashiCorp Vault with Auto-Unseal This Helm chart helps deploy HashiCorp Vault on Kubernetes with auto-unseal enabled using cloud KMS (Azure, AWS, GCP). The repository includes a step-by-step guide for seamless setup, troubleshooting, and secure configurations for production environments.

Storage provisioning through Cloud SQL

This repo maintains Terraform module for workload Identity for k8s cluster

Azure DevOps Workload Identity Federation - Updating your Azure DevOps ARM Service Connections to use the recommended Workload Identity Federation