AzurePodIdentityException
Allow pods with certain labels to access IMDS without being intercepted by NMI.
Examples
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzurePodIdentityException
metadata:
name: aks-addon-exception
namespace: kube-system
spec:
podLabels:
kubernetes.azure.com/managedby: aks
AzurePodIdentityException
| Field | Description |
|---|---|
apiVersionstring | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources. |
kindstring | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds. |
metadataObjectMeta | Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
specAzurePodIdentityExceptionSpec | Describes the specifications of which pods are allowed to access IMDS without being intercepted by NMI. |
AzurePodIdentityExceptionSpec
| Field | Description |
|---|---|
podLabelsmap[string]string | Pods with matching labels will bypass NMI validation. |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified November 9, 2020: docs: add docs for various topics (#858) (4f6aa151)