Trust domain - workload identity federation #4658
Comments
shashankbarsin
moved this to In Progress (Development)
in Azure Kubernetes Service Roadmap (Public)
|
@shashankbarsin Will this resolve these issues? |
|
For the ETA for a preview which type of preview is that expected to be? |
|
@colincmac - It'll address #3982. #2861 will be addressed by structured authentication integration, that's currently being planned and will share an update on that soon too.. @OmnipotentOwl - Most likely a private preview to begin with. Closer to release, we will share a form where you can share your subscriptionId and we will enable the feature flag. |
|
All the Subjects in a trust domain will have the same prefix, will it also share the Issuer? |
|
reopening this issue as it was wrongly closed as stale by the bot. this feature is still on the roadmap and still on track for a preview in CY2025H1. |
|
@Richard87 - this feature (trust domain) would result in the same issuer URL for the trust domain and wouldn't impact the subject part, which remains a tuple of <namespace, service-account>. For flexibility on declaration of subjects, we have a different feature on the roadmap to provide the ability to declare the subject using prefix patterns - #4688 |
|
@shashankbarsin will this feature be dependent on Fleet Manager - ie will the clusters have to be a part of a Fleet Manager fleet to be a part of the trust domain? |
Trust domains will allow associating multiple AKS clusters so that FICs for workload identity federation can be created on <trust_domain_issuer, namespace, service-account> instead of <aks_cluster_issuer, namespace, service-account> to address the current 20 FIC limitation per identity
Tentative ETA for preview CY2025H1
The text was updated successfully, but these errors were encountered: