oaviles / hello_workload-identity
Reference Implementation about Workload Identity. Build and Deploy Application/Pod with Managed Identity support to Azure Kubernetes Services based on DevSecOps Practices

Dockerfile 23.98% HCL 51.96% C# 24.06%
aks azure devsecops devsquad identity kubernetes

hello_workload-identity's Introduction

DevSquad Workload Identity Project

This is a collection of sample projects for Cloud Application Developers using the Azure Cloud Platform. The sample projects are arranged by topic, covering microservice development and deployment on Azure Kubernetes Service supported by Secure DevOps practices.

Kubernetes workload identity and access, reference architecture: Deploy AKS cluster managed identities

Steps to deploy:

  • Deploy AKS Cluster: you can use the GitHub Workflow "Deploy AKS".
  • Get OIDC URI: you can use the GitHub Workflow "Get OIDC URI".

    az identity show --resource-group "${RESOURCE_GROUP}" --name "${USER_ASSIGNED_IDENTITY_NAME}" --query 'clientId' -otsv

  • Deploy Identity: you can use the GitHub Workflow "Deploy Identity".
  • Get access to AKS:

    az aks get-credentials -n spAKSCluster -g "${RESOURCE_GROUP}"

  • Create the Service Account, annotated with the client ID of the user-assigned managed identity:

    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      annotations:
        azure.workload.identity/client-id: "${USER_ASSIGNED_CLIENT_ID}"
      name: "${SERVICE_ACCOUNT_NAME}"
      namespace: "${SERVICE_ACCOUNT_NAMESPACE}"
    EOF

  • Validate Service Account creation:

    kubectl get sa

  • Create an Azure Storage Account and assign the identity the "Contributor" role:

    az storage account create -n "${STORAGE_ACCOUNT_NAME}" -g "${RESOURCE_GROUP}" -l westus --sku Standard_LRS

  • Deploy a Pod with Managed Identity support (the azure.workload.identity/use label plus the Service Account created above):

    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-workload-identity
      namespace: "${SERVICE_ACCOUNT_NAMESPACE}"
      labels:
        azure.workload.identity/use: "true"
    spec:
      serviceAccountName: "${SERVICE_ACCOUNT_NAME}"
      containers:
      - name: oaidentity
        image: oaviles/oaidentity:latest
        imagePullPolicy: Always
        env:
        - name: STORAGE_ACCOUNT_NAME
          value: "${STORAGE_ACCOUNT_NAME}"
        - name: STORAGE_ACCOUNT_CONTAINER_NAME
          value: "oafiles"
    EOF

  • Validate pod execution:

    kubectl logs pod-workload-identity
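The federated credential created in the "Deploy Identity" step is matched against the projected service-account token's iss (the cluster OIDC issuer), sub (system:serviceaccount:namespace:name) and aud claims; if any of the three differ, the pod's token exchange fails. As an added troubleshooting check that is not part of this project, the POSIX shell script below decodes a constructed sample token and verifies those three claims; the issuer URL, namespace and service-account name are placeholders, and the signature is a dummy, so only claim matching is checked.

```shell
#!/bin/sh
# Expected values: placeholders, not the project's real issuer/cluster.
EXPECTED_ISSUER="https://eastus.oic.prod-aks.azure.com/EXAMPLE-TENANT-ID/EXAMPLE-CLUSTER-ID/"
EXPECTED_SUBJECT="system:serviceaccount:default:workload-identity-sa"
EXPECTED_AUDIENCE="api://AzureADTokenExchange"

# base64url encode/decode helpers (GNU/busybox base64 assumed).
b64url_encode() { printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-'; }
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="${s}==" ;; 3) s="${s}=" ;; esac
  printf '%s' "$s" | base64 -d
}

# Extract one string claim from the JWT payload; handles "aud":["..."] too.
jwt_claim() {  # $1 = token, $2 = claim name
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" |
    sed -n "s/.*\"$2\":\[*\"\([^\"]*\)\".*/\1/p"
}

# Constructed sample token with the claims a projected SA token carries.
# The signature is a dummy: this check covers claim matching only.
make_sample_token() {  # $1 = subject claim
  header='{"alg":"RS256","kid":"constructed-kid"}'
  payload="{\"aud\":[\"$EXPECTED_AUDIENCE\"],\"exp\":1700003600,\"iat\":1700000000,"
  payload="$payload\"iss\":\"$EXPECTED_ISSUER\",\"kubernetes.io\":{\"namespace\":\"default\","
  payload="$payload\"pod\":{\"name\":\"pod-workload-identity\"}},\"nbf\":1700000000,\"sub\":\"$1\"}"
  printf '%s.%s.%s' "$(b64url_encode "$header")" "$(b64url_encode "$payload")" \
    "$(b64url_encode 'dummy-signature')"
}

# Returns 0 only when iss, sub and aud all match the federated credential.
check_token() {
  for claim in iss sub aud; do
    case $claim in iss) want=$EXPECTED_ISSUER ;; sub) want=$EXPECTED_SUBJECT ;; aud) want=$EXPECTED_AUDIENCE ;; esac
    got=$(jwt_claim "$1" "$claim")
    [ "$got" = "$want" ] || { echo "$claim mismatch: got '$got'"; return 1; }
  done
  echo "iss/sub/aud match the federated credential"
}

# Stand-alone demo: a matching token passes, a different service account fails.
check_token "$(make_sample_token "$EXPECTED_SUBJECT")"
check_token "$(make_sample_token "system:serviceaccount:default:other-sa")" || true
```

On a live pod the token to feed into check_token is the file named by the AZURE_FEDERATED_TOKEN_FILE environment variable that the workload identity webhook injects.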

More Resources

Check More DevSquad Projects

Note: This page is getting updated so make sure to check regularly for new resources.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
