Skip to content

Add Azure Workload Identity proposal #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add Azure Workload Identity proposal #16

wants to merge 3 commits into from

Conversation

@Mossaka
Copy link
Member

@Mossaka Mossaka commented Feb 18, 2025
edited
Loading

This SKIP adds support for Azure Workload Identity to spin operator.

CC @devigned

Proot of concept:

spinframework/spin-operator#372

@Mossaka
Add Azure Workload Identity proposal
34b6abc 
Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
Mossaka added a commit to Mossaka/spin-operator-msk that referenced this pull request Feb 21, 2025
@Mossaka
feat: add workloadIdentity field to SpinApp
ebabd14 
This adds a new 'workloadIdentity' field to the SpinApp CRD and the controller will detect this field to
determine whether or not to apply provider specific labels to enable cloud workload identity.

See SKIP spinframework/skips#16 for more details

Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
@Mossaka Mossaka mentioned this pull request Feb 21, 2025
Merged
@Mossaka Mossaka mentioned this pull request Feb 25, 2025
Closed
Mossaka added a commit to Mossaka/spin-operator-msk that referenced this pull request Mar 6, 2025
@Mossaka
feat: add workloadIdentity field to SpinApp
4f86816 
This adds a new 'workloadIdentity' field to the SpinApp CRD and the controller will detect this field to
determine whether or not to apply provider specific labels to enable cloud workload identity.

See SKIP spinframework/skips#16 for more details

Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
@Mossaka
updated the proposal with new spin azure plugin to align with the cur…
c2ecb94 
…rent implementation

Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
endocrimes
endocrimes reviewed May 5, 2025
View reviewed changes
proposals/00x-azure-workload-identity/README.md
workloadIdentity:
serviceAccountName: "workload-identity-sa"
providerMetadata:
azure: true
Copy link
Contributor

@endocrimes endocrimes May 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this seems reasonable - do we have a sense of what alternative cloud workload identity would look like here? (I haven't spent a huge amount of time on cloud k8s since these became common, so don't have good intuition about what EKS/GKE would look like)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@endocrimes endocrimes endocrimes left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mossaka @endocrimes