Configurations

An overview of all the features of AAD Pod Identity.

Match Pods in the Namespace

By default, AAD Pod Identity matches pods to identities across namespaces.

Deploy AAD Pod Identity in a Cluster with Kubenet

AAD Pod Identity is disabled by default on Clusters with Kubenet starting from release v1.7.

Deploy AAD Pod Identity with a Dedicated Service Principal

Lets you use a separate service principal (the aad-pod-identity admin service principal) instead of the cluster service principal, and move away from /etc/kubernetes/azure.json.

Set up AAD Pod Identity on Azure RedHat OpenShift (ARO)

How to set up AAD Pod Identity on Azure RedHat OpenShift (ARO).

Disable AAD Pod Identity for a specific Pod/Application

NMI pods modify the nodes' iptables rules to intercept calls to the Azure Instance Metadata endpoint. This means any request made to the Metadata endpoint will be intercepted by NMI, even if the pod doesn't use aad-pod-identity.

Azure Identity Validation using Gatekeeper

This helps validate the various CRDs and the Azure resources used in aad-pod-identity. Currently, validation of the user-assigned MSI format in Azure Identity is supported.

Feature Flags

Optional configuration feature flags.

Pod Identity in Custom Cloud

Using AAD Pod Identity in custom Azure cloud environment.

Migrating from Standard to Managed Mode

Migrating from Standard to Managed mode for AAD Pod Identity.

Pod Identity in Managed Mode

In this mode, there is only the NMI component deployed in the cluster. The identity assignment needs to be manually performed.

Monitoring Pod Identity with Prometheus

Prometheus is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.

Enable PSP Clusters

If the cluster has Pod Security Policies (PSP) enabled that block hostNetwork and privileged mode, then aad-pod-identity will be unable to run.