Explanation for Kubelet Identity Role Assignment #268
Replies: 3 comments
-
Thanks for your inquiry @haithamshahin333, please let us share with you the following comments we added in our ARM templates giving some details for this: as well as what is documented at the aad-pod-identity repository around role assignments.
-
Thanks @ferantivero - so is it the kubelet and not the cluster identity that makes those updates? It makes sense that some identity that AKS is associated with would need the proper roles, but my thought was that it would be done with the cluster identity and not the kubelet identity (and the cluster identity already has contributor over the cluster infrastructure resource group).
-
In this Reference Implementation we configured the AKS cluster with the user-assigned managed identity authentication method. When a pod is scheduled in an AKS cluster using user-assigned auth method, the Some final thoughts,
For further information on why this kubelet managed identity is being used instead of any other one, you could ask this very same question at the aad-pod-identity repo.
-
Hi Team,
Could you provide an explanation around why the Kubelet Identity needs Virtual Machine Contributor?
https://github.com/mspnp/aks-secure-baseline/blob/853ccd92bd8199c2a5486fda8947688e1353b065/cluster-stamp.json#L730
Appreciate the guidance!