AzureIdentity

Describes one of the following Azure identity resources: 0) user-assigned identity, 1) service principal, or 2) service principal with certificate.

Examples

user-assigned identity

apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
  name: <AzureIdentityName>
spec:
  type: 0
  resourceID: <ResourceID>
  clientID: <ClientID>

service principal (single-tenant)

apiVersion: v1
kind: Secret
metadata:
  name: <SecretName>
type: Opaque
data:
  clientSecret: <ClientSecret>
---
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
  name: <AzureIdentityName>
spec:
  type: 1
  tenantID: <TenantID>
  clientID: <ClientID>
  clientPassword: {"name":"<SecretName>","namespace":"<SecretNamespace>"}

service principal (multi-tenant)

apiVersion: v1
kind: Secret
metadata:
  name: <SecretName>
type: Opaque
data:
  clientSecret: <ClientSecret>
---
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
  name: <AzureIdentityName>
spec:
  type: 1
  tenantID: <PrimaryTenantID>
  auxiliaryTenantIDs:
    - <AuxiliaryTenantID1>
    - <AuxiliaryTenantID2>
  clientID: <ClientID>
  clientPassword: {"name":"<SecretName>","namespace":"<SecretNamespace>"}

service principal (certificate)

apiVersion: v1
kind: Secret
metadata:
  name: <SecretName>
type: Opaque
data:
  certificate: <Certificate>
  password: <Password>
---
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
  name: <AzureIdentityName>
spec:
  type: 2
  tenantID: <TenantID>
  clientID: <ClientID>
  clientPassword: {"Name":"<SecretName>","Namespace":"<SecretNamespace>"}

`AzureIdentity`

Field	Description
`apiVersion` string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.
`kind` string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.
`metadata` `ObjectMeta`	Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
`spec` `AzureIdentitySpec`	Describes the specifications of an identity resource on Azure.

`AzureIdentitySpec`

Field	Description
`type` integer	`0`: user-assigned identity. `1`: service principal. `2`: service principal with certificate.
`resourceID` string	The resource ID of the user-assigned identity (only applicable when `type` is `0`), i.e. `/subscriptions/<SubscriptionID>/resourcegroups/<ResourceGroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<UserAssignedIdentityName>`.
`clientID` string	The client ID of the identity.
`clientPassword` SecretReference	The client secret of the identity, represented as a Kubernetes secret (only applicable when `type` is `1` or `2`).
`tenantID` string	The primary tenant ID of the identity (only applicable when `type` is `1` or `2`).
`auxiliaryTenantIDs` []string	The auxiliary tenant IDs of the identity (only applicable when `type` is `1`).
`adEndpoint` string	The Azure Active Directory endpoint.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified December 8, 2020: feat: use map for azureIdentities instead of list in helm chart (#899) (1c4bb3c2)