Comments (3)
@dan-jackson-github the reason we don't have documentation for using service principal directly, with using the AAD-POD-IDENTITY integration for using MSI, was that the support service principal was introduced primarily to support development activities. Is there a specific reason you need to use the service principal and not an MSI to access the AG?
from application-gateway-kubernetes-ingress.
Hi @asridharan, thanks for the response. The reason is I would like to keep the k8s configuration as minimal as possible; introducing aad-pod-identity introduces more complexity and another point of failure, and it seems the only thing that is going to use it in my AKS implementation is this ingress controller. I prefer to use the service principal approach because that keeps my configuration consistent. I also have no experience with aad-pod-identity, and have never seen or supported it before!
What is the reason that service principal support is only intended for development? It seems to be a standard approach in AKS for other areas such as load balancer services, storage access and container registry access. Are we saying you don't recommend this approach for productive use? Is it not secure?
Was this ever answered or set as a supported approach? I also do not understand why a service principal would only be used for development. It's pretty common practice to prefer service principals over MSI in Azure.
Even if it's not supported, it's not clear how to even use this for development purposes anyhow. Please provide some updated guidance on using service principals here or just remove it, if it's not REALLY supported.