Open
Description
Preliminary Checks
- This issue is not a question, feature request, RFC, or anything other than a bug report. Please post those things in GitHub Discussions: https://github.com/nebari-dev/nebari/discussions
Summary
I recently added a PR to add workload identity to Azure. I built an mlflow plugin that uses it to give an mlflow pod access to an Azure Blob Storage bucket with minimal credential setup. Azure Workload Identity lets us tie a Kubernetes service account to an Azure managed identity, so managed identity credentials reach a pod simply by adding a label and a service account to the pod and an annotation on the service account; no secret is mounted or copied into the cluster.
The steps are roughly:
- create a managed identity
- give the managed identity permissions over cloud resources via a role assignment
- set up a federated credential on the managed identity (trusting the cluster's OIDC issuer and the service account as subject)
- tie the service account to the managed identity by putting an annotation on the service account
- add the service account to the pod and add a particular label to the pod
- Environment variables are then injected into the pod spec when the pod is created, and they are sufficient for DefaultAzureCredential to authenticate (e.g. in Python: from azure.identity import DefaultAzureCredential, then default_credential = DefaultAzureCredential()). (See more here)
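As an added example (not code from this issue or from nebari), the ServiceAccount annotation, pod label and federated-credential subject the steps above rely on, together with a pre-flight check that the injected variables are actually present before DefaultAzureCredential is constructed. The names, namespace, client id and image are constructed placeholders.

```python
import os

# Real names of the variables the Azure Workload Identity mutating webhook
# injects into a labelled pod; azure-identity reads exactly these.
INJECTED_ENV = ("AZURE_CLIENT_ID", "AZURE_TENANT_ID",
                "AZURE_FEDERATED_TOKEN_FILE", "AZURE_AUTHORITY_HOST")
USE_LABEL = "azure.workload.identity/use"
CLIENT_ID_ANNOTATION = "azure.workload.identity/client-id"


def federated_subject(namespace, sa_name):
    """Subject the federated credential on the managed identity must carry."""
    return f"system:serviceaccount:{namespace}:{sa_name}"


def service_account(name, namespace, client_id):
    """ServiceAccount tied to the managed identity via the client-id annotation."""
    return {"apiVersion": "v1", "kind": "ServiceAccount",
            "metadata": {"name": name, "namespace": namespace,
                         "annotations": {CLIENT_ID_ANNOTATION: client_id}}}


def pod(name, namespace, sa_name, image):
    """Pod that opts in to injection: label on the pod, SA in the spec."""
    return {"apiVersion": "v1", "kind": "Pod",
            "metadata": {"name": name, "namespace": namespace,
                         "labels": {USE_LABEL: "true"}},
            "spec": {"serviceAccountName": sa_name,
                     "containers": [{"name": "mlflow", "image": image}]}}


def pod_problems(manifest):
    """Static check for the two omissions that silently disable injection."""
    problems = []
    if manifest.get("metadata", {}).get("labels", {}).get(USE_LABEL) != "true":
        problems.append(f"missing pod label {USE_LABEL}=true")
    if not manifest.get("spec", {}).get("serviceAccountName"):
        problems.append("pod runs as the default service account")
    return problems


def missing_injected_env(env=None):
    """Runtime check: which injected variables are absent in this pod."""
    env = os.environ if env is None else env
    return [k for k in INJECTED_ENV if not env.get(k)]


def blob_credential():
    """Fail fast with a clear message instead of a confusing fallback error."""
    missing = missing_injected_env()
    if missing:
        raise RuntimeError(f"workload identity not injected, missing {missing}")
    from azure.identity import DefaultAzureCredential  # requires azure-identity
    return DefaultAzureCredential()
```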
Steps to Resolve this Issue
Add docs and example
Status
Todo 📬