An overview of all the features of AAD Pod Identity.

Match Pods in the Namespace

By default, AAD Pod Identity matches pods to identities across namespaces.

Deploy AAD Pod Identity in a Cluster with Kubenet

AAD Pod Identity is disabled by default on Clusters with Kubenet starting from release v1.7.

Deploy AAD Pod Identity with a Dedicated Service Principal

To enable user to use a separate service principal (aad-pod-identity admin service principal) other than the cluster service principal and to move away from /etc/kubernetes/azure.json.

Setup AAD Pod Identity on Azure RedHat OpenShift (ARO)

How to setup AAD Pod Identity on Azure RedHat OpenShift (ARO)

Disable AAD Pod Identity for a specific Pod/Application

NMI pods modify the nodes' iptables to intercept calls to Azure Instance Metadata endpoint. This means any request that’s made to the Metadata endpoint will be intercepted by NMI even if the pod doesn’t use aad-pod-identity.

Azure Identity Validation using Gatekeeper

This will help validate various CRDs and the azure resources used in aad-pod-identity. Currently validation of User assigned MSI format in Azure Identity is supported.

Feature Flags

Optional configuration feature flags.

Pod Identity in Custom Cloud

Using AAD Pod Identity in custom Azure cloud environment.

Migrating from Standard to Managed Mode

Migrating from Standard to Managed mode for AAD Pod Identity

Pod Identity in Managed Mode

In this mode, there is only the NMI component deployed in the cluster. The identity assignment needs to be manually performed.

Monitoring Pod Identity with Prometheus

Prometheus is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions,displays the results, and can trigger alerts if some condition is observed to be true.

Enable PSP Clusters

If the cluster has Pod Security Policies (PSP) enabled that block hostNetwork and privileged mode, then the aad-pod-identity will be unable to run.