Skip to content

Commit

Permalink
Merge branch 'main' into dependabot/go_modules/k8s-7010eb0a57
Browse files Browse the repository at this point in the history
  • Loading branch information
aramase authored May 22, 2024
2 parents 8e72411 + 4677852 commit 862b4db
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions docs/book/src/faq.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,11 @@ Azure Workload Identity is v2 of the AAD Pod Identity. AAD Pod Identity v2 was a

## How to federate multiple identities with a Kubernetes service account?

It is possible to have a many-to-one relationship between multiple identities and a Kubernetes service account, i.e. you can create multiple
federated identity credentials that reference the same service account in your Kubernetes cluster.
It's possible to have a many-to-one relationship between multiple identities and a Kubernetes service account. For example, you can create multiple federated identity credentials that reference the same service account in your Kubernetes cluster.

`azure.workload.identity/client-id` annotation in your service account represents the default identity client ID used by the Azure Identity SDK during authentication. If you would like to use a different identity, you would need to specify the client ID when creating the Azure Credential object.
The `azure.workload.identity/client-id` annotation in your service account represents the default identity's client ID used by an Azure Identity library during authentication. If you'd like to use a different identity, specify the client ID when creating the Azure Identity library's credential object.

For example, if you are using the [`DefaultAzureCredential`](https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python) from the Azure Identity Python SDK to authenticate your application, you can specify which identity to use by adding the `managed_identity_client_id` parameter to the `DefaultAzureCredential` constructor.
For example, if you're using the Azure Identity for Python library's [`DefaultAzureCredential`](https://learn.microsoft.com/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python) to authenticate your application, you can specify which identity to use by adding the [`workload_identity_client_id`](https://learn.microsoft.com/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python#keyword-only-parameters) parameter to the `DefaultAzureCredential` constructor.

## How to federate multiple Kubernetes service accounts with a single identity?

Expand Down

0 comments on commit 862b4db

Please sign in to comment.