Azure DNS Documentation Update

[georgeflug]

Just wanted to bring to your attention that the instructions for setting up Azure DNS using an AAD Workload Identity are incorrect. The documentation specifies the wrong labels for the service account. Instead of

serviceAccount:
  labels:
    azure.workload.identity/use: "true"

it should be

serviceAccount:
  labels:
    azure.workload.identity/client-id: $IDENTITY_CLIENT_ID

For reference:

• Cert-Manager Azure DNS documentation: https://cert-manager.io/docs/configuration/acme/dns01/azuredns/#managed-identity-using-aad-workload-identity:~:text=serviceAccount%3A,%3A%20%22true%22
• Azure documentation for Service Account label: https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview?tabs=dotnet#service-account-annotations

[lunarwhite]

Hi @georgeflug, I think simply removing the serviceAccount stanza should be sufficient? I'm referring Azure/azure-workload-identity#860.

   # values.yaml
   podLabels:
     azure.workload.identity/use: "true"
-- serviceAccount:
--   labels:
--     azure.workload.identity/use: "true"

BTW, the azure.workload.identity/client-id you mentioned is an annotation, rather than a label.

[georgeflug]

@lunarwhite Great catch, yes that is all correct. Removing the serviceAccount section entirely is sufficient, and the key/value was an annotation, not a label.