How to "re-configure cert-manager" to use AAD Workload Identity in deployKF #58
The instructions here assume Helm - not sure that is the case with deployKF
https://cert-manager.io/docs/configuration/acme/dns01/azuredns/#reconfigure-cert-manager

extraManifests and cert_manager.controller ... annotations seem promising
Replies: 1 comment 9 replies
@edi-bice thank you for reminding me!

To use Azure Workload Identity for cert-manager authentication, we need to add new values that let you set ServiceAccount LABELS (not annotations) and Pod LABELS.

EDIT: after checking the Azure docs, I think there is a typo in the cert-manager AKS docs, because the required labels/annotations are:

- `azure.workload.identity/use: "true"`
- `azure.workload.identity/client-id: "...."`

Currently, we only provide `deploykf_dependencies.cert_manager.controller.serviceAccount.annotations`, which sets ServiceAccount annotations. It should be relatively straightforward for us to add new values in the next release: deploykf_d…

However, you can use the internal helm chart values before then with the

For example:

```yaml
deploykf_dependencies:
  cert_manager:
    valuesOverrides: |
      cert-manager:
        podLabels:
          azure.workload.identity/use: "true"
    controller:
      serviceAccount:
        annotations:
          azure.workload.identity/client-id: "00000000-0000-0000-0000-000000000000"
          ## only needed if want a non-default AZURE_TENANT_ID
          #azure.workload.identity/tenant-id: "00000000-0000-0000-0000-000000000000"
```
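A check for the settings this answer describes, as an added example that is not part of the thread or deployKF's own code: it inspects a JSON List in the shape `kubectl get deployment,serviceaccount -o json` returns and reports when the pod label or the ServiceAccount annotation is missing, misplaced, or still the all-zero placeholder. The `cert-manager` object and namespace names and the sample input are assumptions constructed for illustration.

```python
import re

USE_LABEL = "azure.workload.identity/use"        # pod label, from the thread
CLIENT_ID = "azure.workload.identity/client-id"  # ServiceAccount annotation
PLACEHOLDER = "00000000-0000-0000-0000-000000000000"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def check_workload_identity(manifests):
    """Return problems found in a `kubectl get deploy,sa -o json` style List."""
    items = manifests.get("items", [])
    accounts = {(i["metadata"].get("namespace"), i["metadata"]["name"]): i["metadata"]
                for i in items if i["kind"] == "ServiceAccount"}
    problems = []
    for dep in (i for i in items if i["kind"] == "Deployment"):
        ns, name = dep["metadata"].get("namespace"), dep["metadata"]["name"]
        pod = dep["spec"]["template"]
        pod_meta = pod.get("metadata", {})
        if (pod_meta.get("labels") or {}).get(USE_LABEL) != "true":
            misplaced = USE_LABEL in (pod_meta.get("annotations") or {})
            problems.append(f'{name}: pod label {USE_LABEL} is not "true"'
                            + (" (found as an annotation instead)" if misplaced else ""))
        sa_name = pod["spec"].get("serviceAccountName", "default")
        sa = accounts.get((ns, sa_name))
        if sa is None:
            problems.append(f"{name}: ServiceAccount {sa_name} not in input")
            continue
        client_id = (sa.get("annotations") or {}).get(CLIENT_ID, "")
        if not GUID.fullmatch(client_id):
            problems.append(f"{sa_name}: annotation {CLIENT_ID} missing or not a GUID")
        elif client_id == PLACEHOLDER:
            problems.append(f"{sa_name}: annotation {CLIENT_ID} is still the placeholder")
    return problems


def sample(pod_labels, pod_annotations, sa_annotations):
    """Constructed input; object and namespace names are assumptions."""
    meta = {"name": "cert-manager", "namespace": "cert-manager"}
    return {"kind": "List", "items": [
        {"kind": "ServiceAccount", "metadata": {**meta, "annotations": sa_annotations}},
        {"kind": "Deployment", "metadata": meta, "spec": {"template": {
            "metadata": {"labels": pod_labels, "annotations": pod_annotations},
            "spec": {"serviceAccountName": "cert-manager"}}}},
    ]}


if __name__ == "__main__":
    bad = sample({}, {USE_LABEL: "true"}, {CLIENT_ID: PLACEHOLDER})
    for problem in check_workload_identity(bad):
        print(problem)
```

To run it against a cluster, pass the parsed JSON from the `kubectl` command above to `check_workload_identity` in place of the constructed sample.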