Use a workload identity with an application on Azure Kubernetes Service (AKS)

Mr DevOps 🐳 ☸ ☁️ 🌐
7 min read · Mar 14, 2023
  • In this article
  1. Create a resource group
  2. Install the aks-preview Azure CLI extension
  3. Register the ‘EnableWorkloadIdentityPreview’ feature flag
  4. Create AKS cluster
  5. Export environmental variables
  6. Create an Azure Key Vault and secret
  7. Create a managed identity and grant permissions to access the secret
  8. Establish federated identity credential
  9. Deploy the workload

Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you quickly deploy and manage Kubernetes clusters. In this tutorial, you will:

  • Deploy an AKS cluster using the Azure CLI with OpenID Connect Issuer and managed identity.
  • Create an Azure Key Vault and secret.
  • Create an Azure Active Directory workload identity and Kubernetes service account.
  • Configure the managed identity for token federation.
  • Deploy the workload and verify authentication with the workload identity.

This tutorial assumes a basic understanding of Kubernetes concepts. For more information, see Kubernetes core concepts for Azure Kubernetes Service (AKS).

If you don’t have an Azure subscription, create an Azure free account before you begin.
