Can someone tell me which option is better to integrate Azure Key Vault with AKS Clusters?

0 votes
Can someone tell me which option is better to integrate Azure Key Vault with AKS Clusters?

Is it FlexVolume using Service Principal as Secret or FlexVolume using AAD Pod Identity?
Feb 4 in Azure by anonymous
• 10,080 points
377 views

1 answer to this question.

0 votes

I would say Flexvolume using aad pod identity is ok as long as you kerberized the azure active directory. That way no azure active directory password is being sent over ldaps or tls1.2

answered Feb 4 by Sam
• 5,520 points

But can we use azure active directory pod Identity in production environment?

Yes you can, it's just not a standard yet. In other word you can implement it but with some acceptable risk. You can try this code as a trial: https://github.com/Azure/aad-pod-identity
And what are your views on FlexVolume using Service Principal??
Service principal is a proprietary Microsoft solution to use tokenized azure ad service principal to authorize pod. However it is not an open standard even though its might work great
Okay. Thanks!

Related Questions In Azure

0 votes
1 answer

How can i upload to Azure Blob storage with Shared Access key?

For GetBlobReferenceFromServer to work, the blob must be present ...READ MORE

answered Jun 12, 2018 in Azure by club_seesharp
• 3,450 points
1,353 views
0 votes
1 answer

How to serialize and de-serialize a PFX certificate in Azure Key Vault?

Here's a PowerShell script for you. Replace ...READ MORE

answered Sep 24, 2018 in Azure by club_seesharp
• 3,450 points
438 views
0 votes
1 answer

Which is better: Azure Blob or Azure Table?

The best solution is blob storage with ...READ MORE

answered Mar 5, 2019 in Azure by Archana
• 5,600 points
56 views
0 votes
1 answer

How to add a body to a HttpWebRequest that is being used with the Azure Service management API?

The following code should help: byte[] buf = ...READ MORE

answered Apr 3, 2019 in Azure by p
• 1,940 points
99 views
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer