Azure AKS Workload Identity managment

Question

Hey,

I am doing to deploy workload identity solution for the aks cluster using CLI (--enable-workload-identity) (not helm). Who will be responsible for maintaining and updating the webhook deployment azure or me?

Answer 1

Hi,

I suggest you to review the FAQ's and it list all the required configuration and supported process - faq

AKS builds upon many Azure infrastructure resources, including virtual machine scale sets, virtual networks, and managed disks. This enables you to apply many of the core capabilities of the Azure platform within the managed Kubernetes environment provided by AKS. For example, most Azure virtual machine types can be used directly with AKS and Azure Reservations can be used to receive discounts on those resources automatically.

To enable this architecture, each AKS deployment spans two resource groups:

You create the first resource group. This group contains only the Kubernetes service resource. The AKS resource provider automatically creates the second resource group during deployment. An example of the second resource group is MC_myResourceGroup_myAKSCluster_eastus. For information on how to specify the name of this second resource group, see the next section.
The second resource group, known as the node resource group, contains all of the infrastructure resources associated with the cluster. These resources include the Kubernetes node VMs, virtual networking, and storage. By default, the node resource group has a name like MC_myResourceGroup_myAKSCluster_eastus. AKS automatically deletes the node resource group whenever the cluster is deleted, so it should only be used for resources that share the cluster's lifecycle.

Hope this helps.
JS

==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.