Azure AD Workload Identity Latest
Azure AD Workload Identity is the newer version of Azure AD Pod Identity. It lets your Kubernetes workloads access Azure resources using an Azure AD Application without having to specify secrets, using federated identity credentials - Don’t manage secrets, let Azure AD do the hard work.
You can tell KEDA to use Azure AD Workload Identity via
podIdentity: provider: azure-workload # Optional. Default: none identityId: <identity-id> # Optional. Default: ClientId From annotation on service-account.
Azure AD Workload Identity will give access to pods with service accounts having appropriate labels and annotations. Refer to these docs for more information. You can set these labels and annotations on the KEDA Operator service account. This can be done for you during deployment with Helm with the following flags -
You can override the identity that was assigned to KEDA during installation, by specifying an
identityId parameter under the
podIdentity field. This allows end-users to use different identities to access various resources which is more secure than using a single identity that has access to multiple resources.