Skip to content

Commit 8d5edfc

Browse files
PRMerger3PRMerger3
authored
Merge pull request #188376 from Nickomang/aks-cluster-extension-pod-identity
Added AAD pod identity exception note
2 parents 6210117 + 88ec81a commit 8d5edfc

File tree

1 file changed

+14
-0
lines changed

1 file changed

+14
-0
lines changed

articles/aks/cluster-extensions.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,19 @@ A conceptual overview of this feature is available in [Cluster extensions - Azur
3131
* An Azure subscription. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free).
3232
* [Azure CLI](/cli/azure/install-azure-cli) version >= 2.16.0 installed.
3333

34+
> [!NOTE]
35+
> If you have enabled [AAD-based pod identity][use-azure-ad-pod-identity] on your AKS cluster, please add the following `AzurePodIdentityException` to the release namespace of your extension instance on the AKS cluster:
36+
> ```yml
37+
> apiVersion: aadpodidentity.k8s.io/v1
38+
> kind: AzurePodIdentityException
39+
> metadata:
40+
> name: k8s-extension-exception
41+
> namespace: <release-namespace-of-extension>
42+
> spec:
43+
> podLabels:
44+
> clusterconfig.azure.com/managedby: k8s-extension
45+
> ```
46+
3447
### Register provider for cluster extensions
3548
3649
#### [Azure CLI](#tab/azure-cli)
@@ -240,6 +253,7 @@ az k8s-extension delete --name azureml --cluster-name <clusterName> --resource-g
240253
[dapr-overview]: ./dapr.md
241254
[gitops-overview]: ../azure-arc/kubernetes/conceptual-gitops-flux2.md
242255
[k8s-extension-reference]: /cli/azure/k8s-extension
256+
[use-azure-ad-pod-identity]: ./use-azure-ad-pod-identity.md
243257
244258
<!-- EXTERNAL -->
245259
[arc-k8s-regions]: https://azure.microsoft.com/global-infrastructure/services/?products=azure-arc&regions=all

0 commit comments

Comments
 (0)