Merge pull request #223147 from tomkerkhove/patch-10

prmerger-automator[bot] · web-flow · commit 41ee4a0b5171 · 2023-01-06T16:28:11.000Z
fix(aks): Provide doc on azure.workload.identity/use label for pods
diff --git a/articles/aks/workload-identity-overview.md b/articles/aks/workload-identity-overview.md
@@ -88,6 +88,12 @@ If you've used [Azure AD pod-managed identity][use-azure-ad-pod-identity], think
 |`azure.workload.identity/tenant-id` |Represents the Azure tenant ID where the<br> Azure AD application is registered. |AZURE_TENANT_ID environment variable extracted<br> from `azure-wi-webhook-config` ConfigMap.|
 |`azure.workload.identity/service-account-token-expiration` |Represents the `expirationSeconds` field for the<br> projected service account token. It's an optional field that you configure to prevent downtime<br> caused by errors during service account token refresh. Kubernetes service account token expiry isn't correlated with Azure AD tokens. Azure AD tokens expire in 24 hours after they're issued. |3600<br> Supported range is 3600-86400.|
 
+### Pod labels
+
+|Label |Description |Recommended value |Required |
+|------|------------|------------------|---------|
+|`azure.workload.identity/use` | Represents the pod is to be used for workload identity. |true |Yes |
+
 ### Pod annotations
 
 |Annotation |Description |Default |
