Skip to content

[enhancement]: Support Workload Identity in custom azure pipelines agents on Azure Kubernetes Service #5060

Open
@Xulei-NL

Description

@Xulei-NL

Describe your feature request here

Dear developers,

We followed Run a self-hosted agent in Docker and set up a pool of custom azure pipelines agents in our Azure Kubernetes Cluster.

In our custom code of start.sh (can be found in the Run a self-hosted agent in Docker link, we manually set AZP_TOKEN by invoking a library describe in Use Microsoft Entra Workload ID with Azure Kubernetes Service (AKS) to interact with Azure DevOps services.

However, the fetched token's lifespan is finite. So at some point the agent needs to fetch a new one again so that the agent won't get stale and still receive new jobs.

It is possible to retrieve one again in the function cleanup() of start.sh. But we believe that having built-in support for workload identity in azure pipelines agents would be better and more elegant. Could you please consider to support this feature?

Looking forward to your feedback.

Best regards,

Xueli Liu

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions