To install/upgrade AAD Pod Identity on RBAC-enabled clusters:
kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/deployment-rbac.yaml
serviceaccount/aad-pod-id-nmi-service-account created
customresourcedefinition.apiextensions.k8s.io/azureassignedidentities.aadpodidentity.k8s.io created
customresourcedefinition.apiextensions.k8s.io/azureidentitybindings.aadpodidentity.k8s.io created
customresourcedefinition.apiextensions.k8s.io/azureidentities.aadpodidentity.k8s.io created
customresourcedefinition.apiextensions.k8s.io/azurepodidentityexceptions.aadpodidentity.k8s.io created
clusterrole.rbac.authorization.k8s.io/aad-pod-id-nmi-role created
clusterrolebinding.rbac.authorization.k8s.io/aad-pod-id-nmi-binding created
daemonset.apps/nmi created
serviceaccount/aad-pod-id-mic-service-account created
clusterrole.rbac.authorization.k8s.io/aad-pod-id-mic-role created
clusterrolebinding.rbac.authorization.k8s.io/aad-pod-id-mic-binding created
deployment.apps/mic created
To install/upgrade aad-pod-identity on RBAC-disabled clusters:
kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/deployment.yaml
customresourcedefinition.apiextensions.k8s.io/azureassignedidentities.aadpodidentity.k8s.io created
customresourcedefinition.apiextensions.k8s.io/azureidentitybindings.aadpodidentity.k8s.io created
customresourcedefinition.apiextensions.k8s.io/azureidentities.aadpodidentity.k8s.io created
customresourcedefinition.apiextensions.k8s.io/azurepodidentityexceptions.aadpodidentity.k8s.io created
daemonset.apps/nmi created
deployment.apps/mic created
For AKS clusters, you will have to allow MIC and AKS add-ons to access IMDS without being intercepted by NMI:
kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/mic-exception.yaml
azurepodidentityexception.aadpodidentity.k8s.io/mic-exception created
azurepodidentityexception.aadpodidentity.k8s.io/aks-addon-exception created
Not applying mic-exception.yaml in AKS clusters will result in token failures for AKS addons using managed identity for authentication.
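A check for the three apply steps above, added here as an example and not part of the AAD Pod Identity project: it reads saved kubectl apply output and reports any object from the lists on this page that is absent, which catches the RBAC-disabled manifest having been applied where the RBAC one was intended. The function and variable names are assumptions; the resource names are copied from the v1.8.17 output shown above.

```shell
# Added example, not project code; function and variable names are assumed.
# Resource names are copied from the kubectl output shown on this page.

# Objects both deployment.yaml and deployment-rbac.yaml create.
COMMON="customresourcedefinition.apiextensions.k8s.io/azureassignedidentities.aadpodidentity.k8s.io
customresourcedefinition.apiextensions.k8s.io/azureidentitybindings.aadpodidentity.k8s.io
customresourcedefinition.apiextensions.k8s.io/azureidentities.aadpodidentity.k8s.io
customresourcedefinition.apiextensions.k8s.io/azurepodidentityexceptions.aadpodidentity.k8s.io
daemonset.apps/nmi
deployment.apps/mic"
# Objects only deployment-rbac.yaml creates.
RBAC_ONLY="serviceaccount/aad-pod-id-nmi-service-account
clusterrole.rbac.authorization.k8s.io/aad-pod-id-nmi-role
clusterrolebinding.rbac.authorization.k8s.io/aad-pod-id-nmi-binding
serviceaccount/aad-pod-id-mic-service-account
clusterrole.rbac.authorization.k8s.io/aad-pod-id-mic-role
clusterrolebinding.rbac.authorization.k8s.io/aad-pod-id-mic-binding"
# Objects mic-exception.yaml creates (AKS clusters).
AKS_ONLY="azurepodidentityexception.aadpodidentity.k8s.io/mic-exception
azurepodidentityexception.aadpodidentity.k8s.io/aks-addon-exception"

# audit_apply [rbac] [aks]: read kubectl apply output on stdin, print each
# expected object that is absent, return 1 if any is missing.
audit_apply() {
    expected=$COMMON
    for mode in "$@"; do
        case $mode in
            rbac) expected="$expected
$RBAC_ONLY" ;;
            aks)  expected="$expected
$AKS_ONLY" ;;
            *)    echo "unknown mode: $mode" >&2; return 2 ;;
        esac
    done
    log=$(cat)
    status=0
    for res in $expected; do
        # kubectl prints "created" on install, "configured" or "unchanged" on upgrade.
        if ! printf '%s\n' "$log" | grep -Fxq -e "$res created" \
                -e "$res configured" -e "$res unchanged"; then
            echo "MISSING $res"
            status=1
        fi
    done
    return $status
}

# Constructed sample: the output of the RBAC-disabled manifest on a fresh install.
sample_plain_log() { for r in $COMMON; do echo "$r created"; done; }
```

Typical use is `kubectl apply -f <manifest> | tee apply.log` followed by `audit_apply rbac < apply.log`; pass `aks` as well when the log also contains the mic-exception.yaml output.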
AAD Pod Identity allows users to customize their installation via Helm.
helm repo add aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
helm install aad-pod-identity aad-pod-identity/aad-pod-identity
For a list of customizable values that can be injected when invoking helm install, please see the Helm chart configurations.