Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: add acrpull controller, binding #986

Closed
wants to merge 1 commit into from
Closed

*: add acrpull controller, binding #986

wants to merge 1 commit into from

Conversation

stevekuznetsov
Copy link
Contributor

What this PR does

Jira:
Link to demo recording:

Special notes for your reviewer

stevekuznetsov
stevekuznetsov commented Dec 13, 2024
View reviewed changes
dev-infrastructure/modules/aks-cluster-base.bicep Outdated
@@ -460,15 +460,26 @@ resource uami_fedcred 'Microsoft.ManagedIdentity/userAssignedIdentities/federate
parent: uami[i]
name: '${workloadIdentities[i].value.uamiName}-${location}-fedcred'
properties: {
audiences: [
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@geoberle please provide feedback on all this

@github-actions GitHub Actions
Copy link

Please rebase pull request.

@stevekuznetsov stevekuznetsov force-pushed the skuznets/acrpull branch 2 times, most recently from 716fe93 to 5c1de8a Compare December 19, 2024 15:02
@stevekuznetsov
*: add acrpull controller, binding
a1b1fbe 
Signed-off-by: Steve Kuznetsov <[email protected]>
stevekuznetsov
stevekuznetsov commented Dec 19, 2024
View reviewed changes
frontend/deploy/helm/frontend/templates/acrpullbinding.yaml
workloadIdentity:
serviceAccountRef: frontend
clientID: {{ .Values.pullBinding.workloadIdentityClientId }}
tenantID: {{ .Values.pullBinding.workloadIdentityTenantId }}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Newest version of the controller allows us to reference the puller's MI for this token, letting multiple MI to be federated to the SA

@stevekuznetsov stevekuznetsov mentioned this pull request Dec 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bennerv bennerv Awaiting requested review from bennerv bennerv is a code owner

@mbarnes mbarnes Awaiting requested review from mbarnes mbarnes is a code owner

@SudoBrendan SudoBrendan Awaiting requested review from SudoBrendan SudoBrendan is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 is a code owner

@UlrichSchlueter UlrichSchlueter Awaiting requested review from UlrichSchlueter UlrichSchlueter is a code owner

@zgalor zgalor Awaiting requested review from zgalor zgalor is a code owner

@geoberle geoberle Awaiting requested review from geoberle geoberle is a code owner

@janboll janboll Awaiting requested review from janboll janboll is a code owner

@weinong weinong Awaiting requested review from weinong weinong is a code owner

@whober0521 whober0521 Awaiting requested review from whober0521 whober0521 is a code owner

@tony-schndr tony-schndr Awaiting requested review from tony-schndr tony-schndr is a code owner

@jmelis jmelis Awaiting requested review from jmelis jmelis is a code owner

@jonathan34c jonathan34c Awaiting requested review from jonathan34c jonathan34c is a code owner

@nwnt nwnt Awaiting requested review from nwnt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stevekuznetsov @weinong