articles/aks/workload-identity-overview.md
Lines changed: 5 additions & 5 deletions
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Use an Azure AD workload identities on Azure Kubernetes Service (AKS)
2
+
title: Use an Azure AD workload identity on Azure Kubernetes Service (AKS)
3
3
description: Learn about Azure Active Directory workload identity for Azure Kubernetes Service (AKS) and how to migrate your application to authenticate using this identity.
4
4
ms.topic: article
5
5
ms.custom: build-2023
@@ -204,7 +204,7 @@ The following client libraries are the **minimum** version required.
204
204
205
205
- You can only have 20 federated identity credentials per managed identity.
206
206
- It takes a few seconds for the federated identity credential to be propagated after being initially added.
207
-
-[Virtual nodes][aks-virtual-nodes] add on, based on the open source project [Virtual Kubelet][virtual-kubelet], is not supported.
207
+
-[Virtual nodes][aks-virtual-nodes] add on, based on the open source project [Virtual Kubelet][virtual-kubelet], isn't supported.
208
208
209
209
## How it works
210
210
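Review bot: The changed line 207 still begins `-[Virtual nodes]` with no space after the hyphen, unlike the two bullets above it (`- You can only have ...`, `- It takes a few seconds ...`), so Markdown will not render it as a third list item and the limitation can get folded into the previous bullet. Since this line is being touched anyway, suggest `- [Virtual nodes][aks-virtual-nodes] add-on, ...`, which also hyphenates "add-on" as a noun. This is the only place in the visible text that tells readers virtual nodes are unsupported, so it should stand out as its own bullet.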
@@ -242,7 +242,7 @@ If you've used [Azure AD pod-managed identity][use-azure-ad-pod-identity], think
242
242
243
243
### Service account annotations
244
244
245
-
All annotations are optional. If the annotation is not specified, the default value will be used.
245
+
All annotations are optional. If the annotation isn't specified, the default value will be used.
246
246
247
247
|Annotation |Description |Default |
248
248
|-----------|------------|--------|
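Review bot: On line 245 the sentence keeps the future tense "the default value will be used" after the contraction fix; if this is a style pass, present tense reads better and matches the rest of the table text: "If the annotation isn't specified, the default value is used." The identical sentence under "Pod annotations" (line 264) should get the same wording so the two sections stay in sync.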
@@ -261,12 +261,12 @@ All annotations are optional. If the annotation is not specified, the default va
261
261
262
262
### Pod annotations
263
263
264
-
All annotations are optional. If the annotation is not specified, the default value will be used.
264
+
All annotations are optional. If the annotation isn't specified, the default value will be used.
265
265
266
266
|Annotation |Description |Default |
267
267
|-----------|------------|--------|
268
268
|`azure.workload.identity/service-account-token-expiration`|Represents the `expirationSeconds` field for the projected service account token. It's an optional field that you configure to prevent any downtime caused by errors during service account token refresh. Kubernetes service account token expiry isn't correlated with Azure AD tokens. Azure AD tokens expire in 24 hours after they're issued. <sup>1</sup> |3600<br> Supported range is 3600-86400. |
269
-
|`azure.workload.identity/skip-containers`|Represents a semi-colon-separated list of containers to skip adding projected service account token volume. For example `container1;container2`. |By default, the projected service account token volume is added to all containers if the service account is labeled with `azure.workload.identity/use: true`. |
269
+
|`azure.workload.identity/skip-containers`|Represents a semi-colon-separated list of containers to skip adding projected service account token volume. For example,`container1;container2`. |By default, the projected service account token volume is added to all containers if the service account is labeled with `azure.workload.identity/use: true`. |
270
270
|`azure.workload.identity/inject-proxy-sidecar`|Injects a proxy init container and proxy sidecar into the pod. The proxy sidecar is used to intercept token requests to IMDS and acquire an Azure AD token on behalf of the user with federated identity credential. |true |
271
271
|`azure.workload.identity/proxy-sidecar-port`|Represents the port of the proxy sidecar. |8000 |
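Review bot: On line 269 the added comma is followed directly by the code span (``For example,`container1;container2` ``), so the rendered text runs the comma into the value; add a space: ``For example, `container1;container2`.`` While on this row, "semi-colon-separated" would normally be written "semicolon-separated". The Default cell also says the service account is "labeled" with `azure.workload.identity/use: true` inside a table of annotations; worth confirming the label/annotation wording is intentional, since readers copy these keys directly into manifests.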