Hello Yd7474,
Assuming you are referring to a Managed MySQL and if it supports Service Principal, then you should be able to use the Kubelet user-assigned managed identity of the cluster, such as the aks-clustername-agentpool identity. And if you want to use a separate managed identity for each pod (not the 'shared' node identity), they'll need to use something like "aad-pod-identity" or the newer workload identity.
To connect from an Azure AKS pod to a MySQL database without the need for a password or any manual token request, you can use Azure AD Managed Identity (preview) to authenticate the pod to the database. This method uses the pod's identity to automatically request an Azure AD token, which can then be used to access the database. The token is retained automatically, so there is no need for manual token requests. Azure AD Managed Identity is available in two types: system-assigned and user-assigned. System-assigned managed identities have their lifecycle tied to the resource that created them, while user-assigned managed identities can be used on multiple resources.
If you are considering implementing Azure AD pod-managed identity on your AKS cluster, we recommend you first review the workload identity overview article to understand our recommendations and options to set up your cluster to use an Azure AD workload identity (preview). This authentication method replaces pod-managed identity (preview), which integrates with the Kubernetes native capabilities to federate with any external identity providers.
Hope this helps. Please "Accept as Answer" and Upvote if it helped, so that it can help others in the community looking for help on similar topics. Thank you!
Best Regards.
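As an added example (not part of the answer above, and not Microsoft's code), this sketch shows the token exchange behind the workload identity option: the pod's projected service account token is traded for an Azure AD access token scoped to Azure Database for MySQL, with no client secret involved. It assumes the workload identity webhook has injected its usual `AZURE_*` environment variables; the function names are hypothetical, and in practice a library such as azure-identity performs this exchange for you.

```python
import json
import os
import urllib.parse
import urllib.request

# Azure AD scope used for Azure Database for MySQL/PostgreSQL token authentication.
MYSQL_AAD_SCOPE = "https://ossrdbms-aad.database.windows.net/.default"
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
REQUIRED_ENV = ("AZURE_CLIENT_ID", "AZURE_TENANT_ID", "AZURE_FEDERATED_TOKEN_FILE")


def check_env(env):
    """Fail early if the workload identity webhook did not mutate this pod."""
    missing = [k for k in REQUIRED_ENV if not env.get(k)]
    if missing:
        # Typical causes: pod lacks the azure.workload.identity/use: "true" label,
        # or its service account lacks the azure.workload.identity/client-id annotation.
        raise RuntimeError("workload identity not injected, missing: " + ", ".join(missing))


def build_token_request(env, sa_token, scope=MYSQL_AAD_SCOPE):
    """Return (url, form) for the federated-credential token exchange."""
    check_env(env)
    authority = env.get("AZURE_AUTHORITY_HOST", "https://login.microsoftonline.com/")
    url = f"{authority.rstrip('/')}/{env['AZURE_TENANT_ID']}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": env["AZURE_CLIENT_ID"],
        "client_assertion_type": ASSERTION_TYPE,
        "client_assertion": sa_token.strip(),  # the pod's service account JWT, not a secret you manage
        "scope": scope,
    }
    return url, form


def fetch_mysql_token(env=os.environ):
    """Run the exchange from inside a pod and return the access token string."""
    check_env(env)
    # Re-read the file on every call: the kubelet rotates the projected token.
    with open(env["AZURE_FEDERATED_TOKEN_FILE"], encoding="utf-8") as fh:
        sa_token = fh.read()
    url, form = build_token_request(env, sa_token)
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=10) as resp:
        return json.load(resp)["access_token"]
```

The returned access token is supplied as the MySQL password over a TLS connection, for a database user that has been mapped to the managed identity.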