This document highlights the steps to configure and use AAD Pod Identity in custom Azure cloud environments.
If you are deploying with helm, then set mic.customCloud.enabled to true (e.g., --set mic.customCloud.enabled=true on the command line) to have the following configuration changes rendered. The custom cloud environment file name can be changed from /etc/kubernetes/akscustom.json by setting mic.customCloud.configPath.
Ensure the cloud name in /etc/kubernetes/azure.json is set to AzureStackCloud:
{
  "cloud": "AzureStackCloud",
  "tenantId": "xxxx",
  "subscriptionId": "xxxx",
  ...
}
Mount the JSON file that contains the custom cloud environment details. The custom cloud environment file is stored in the file system of the Kubernetes node. The go-autorest library is configured to read the Azure environment from file by default for AzureStackCloud.
NOTE: In case of AKS clusters, the custom cloud environment file is /etc/kubernetes/akscustom.json.
The file needs to be mounted only for the MIC pods.
Add the custom environment file volume mount in MIC deployment:
- name: custom-env-file
  mountPath: /etc/kubernetes/akscustom.json
  readOnly: true
Add the custom environment file volume in MIC deployment:
- name: custom-env-file
  hostPath:
    path: /etc/kubernetes/akscustom.json
Set the AZURE_ENVIRONMENT_FILEPATH environment variable as part of MIC deployment. This is used by go-autorest to read the custom cloud environment file.
Add the environment variable to MIC deployment:
- name: AZURE_ENVIRONMENT_FILEPATH
  value: "/etc/kubernetes/akscustom.json"