Proper deployment of AAD Pod Identity


I intend to use AAD Pod Identity so that my Kubernetes workloads can leverage managed identities that I create in Azure.

Currently, I create my identities and role assignment through ARM templates. Afterwards, I need to create an instance of the AzureIdentity CRD, which contains a reference to the clientId of the managed identity.

I come from another cloud provider which didn't need a CRD to act on behalf of a service account, so I was wondering what's the best practice for managing this configuration?

Ideally I would like to stay within the realm of ARM templates so I wouldn't have to split up a cluster deployment into several places. However, I don't have any idea of how this would work, since I need to generate a YAML that contains a reference to something that comes from other ARM templates. What's a proper way to automate this without having to crack open a script to do queries via the az CLI:

  1. Deploy managed cluster + managed identities via ARM template
  2. Create an Azure Identity that is bound to one of those managed identities

I'm not sure if this is possible, but would love to see what others have done.

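The two-step workflow in the question, as an added example that is not from the original post or from the aad-pod-identity project: it assumes the ARM template declares two outputs, `identityClientId` and `identityResourceId` (assumed names; any output names work as long as the template and the generator agree), and that the deployment outputs are captured as JSON (the constructed `SAMPLE_ARM_OUTPUTS` below stands in for what the deployment step would return). The generator validates the values before rendering an `AzureIdentity` plus its `AzureIdentityBinding` as a `v1/List` document, which `kubectl apply -f` accepts directly because YAML is a superset of JSON. Checking that the client ID is a GUID and that the resource ID really points at a `userAssignedIdentities` resource catches the two most common wiring mistakes (copying a principal ID or tenant ID instead of the client ID, or referencing the wrong resource type) before anything reaches the cluster.

```python
import json
import re

# Constructed sample of ARM deployment outputs (the shape of
# `properties.outputs` on a completed deployment). Output names are assumed.
SAMPLE_ARM_OUTPUTS = json.dumps({
    "identityClientId": {
        "type": "String",
        "value": "11111111-2222-3333-4444-555555555555",
    },
    "identityResourceId": {
        "type": "String",
        "value": (
            "/subscriptions/00000000-0000-0000-0000-000000000000"
            "/resourceGroups/rg-demo/providers/Microsoft.ManagedIdentity"
            "/userAssignedIdentities/demo-identity"
        ),
    },
})

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
UAMI_RE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.ManagedIdentity/userAssignedIdentities/[^/]+$",
    re.I,
)


def parse_arm_outputs(raw_json):
    """Extract and validate (client_id, resource_id) from ARM deployment outputs."""
    outputs = json.loads(raw_json)
    try:
        client_id = outputs["identityClientId"]["value"]
        resource_id = outputs["identityResourceId"]["value"]
    except KeyError as missing:
        raise ValueError(f"ARM deployment output missing: {missing}")
    # A clientID that is not a GUID is almost always a copy/paste of the wrong field.
    if not GUID_RE.match(client_id):
        raise ValueError(f"identityClientId is not a GUID: {client_id!r}")
    # AzureIdentity type 0 only makes sense for a user-assigned identity resource.
    if not UAMI_RE.match(resource_id):
        raise ValueError(f"identityResourceId is not a user-assigned identity: {resource_id!r}")
    return client_id, resource_id


def build_manifest_list(client_id, resource_id, name, namespace, selector):
    """Render the AzureIdentity and AzureIdentityBinding as a single v1/List."""
    azure_identity = {
        "apiVersion": "aadpodidentity.k8s.io/v1",
        "kind": "AzureIdentity",
        "metadata": {"name": name, "namespace": namespace},
        # type 0 = user-assigned managed identity
        "spec": {"type": 0, "resourceID": resource_id, "clientID": client_id},
    }
    binding = {
        "apiVersion": "aadpodidentity.k8s.io/v1",
        "kind": "AzureIdentityBinding",
        "metadata": {"name": f"{name}-binding", "namespace": namespace},
        # Pods opt in by carrying the label aadpodidbinding: <selector>
        "spec": {"azureIdentity": name, "selector": selector},
    }
    return {"apiVersion": "v1", "kind": "List", "items": [azure_identity, binding]}


def generate(raw_json, name="demo-identity", namespace="default", selector="demo-app"):
    """End-to-end: ARM outputs JSON in, kubectl-applyable manifest text out."""
    client_id, resource_id = parse_arm_outputs(raw_json)
    return json.dumps(build_manifest_list(client_id, resource_id, name, namespace, selector), indent=2)


if __name__ == "__main__":
    # In a pipeline, replace SAMPLE_ARM_OUTPUTS with the captured deployment outputs
    # and pipe this output into `kubectl apply -f -`.
    print(generate(SAMPLE_ARM_OUTPUTS))
```

Only pods labelled `aadpodidbinding: demo-app` (the selector value) in the binding's namespace will be matched, so the label is the effective access-control boundary on the cluster side; keep it as narrow as the workload that needs the identity.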

There are 0 answers