[IB] doc: add identity binding example setup #5430
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a comprehensive example for the Identity Binding feature in AKS, providing users with step-by-step instructions and configuration files to set up managed identity access in their clusters. The example demonstrates how to configure RBAC permissions and deploy pods that authenticate to Azure services using managed identities.
Key Changes
- Added complete documentation with prerequisites, setup steps, and verification instructions for using Identity Binding
- Provided Kubernetes RBAC configurations to grant service accounts permission to use specific managed identities
- Included a sample pod manifest demonstrating Azure Key Vault access via Identity Binding
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 14 comments.
| File | Description |
|---|---|
| examples/identity-binding/README.md | Comprehensive guide covering prerequisites, Azure CLI commands for identity binding creation, RBAC setup, pod deployment, and verification steps |
| examples/identity-binding/cluster-role-and-cluster-role-binding.yaml | Kubernetes RBAC configuration defining ClusterRole with use-managed-identity verb and ClusterRoleBinding for the default service account |
| examples/identity-binding/pod.yaml | Sample pod manifest with identity binding annotations for accessing Azure Key Vault using managed identity |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
bcho
commented
Dec 3, 2025
bcho
commented
Dec 3, 2025
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new example for the Identity Binding feature in AKS, providing documentation and configuration files to help users set up and test managed identity access in their clusters. The changes are grouped into documentation and configuration for RBAC and pod deployment.
Documentation and Instructions:
README.mdexplaining prerequisites, setup steps, and verification for using Identity Binding in AKS clusters, including notes on required Azure CLI and AKS features, RBAC setup, and pod deployment.Configuration for RBAC and Pod Deployment:
cluster-role-and-cluster-role-binding.yamlto define aClusterRoleandClusterRoleBindingthat grant the default service account permission to use a specific managed identity via the new verbuse-managed-identity.pod.yamlmanifest for deploying a sample pod that demonstrates access to Azure Key Vault using the managed identity and the new identity binding annotation.