Hi there,

First of all, thanks for the tool, the article and the approach. This allowed us to have a fancy setup where our Crossplane deployment on GKE was able to manage AWS resources without the hassle of static keys (since we already use WIM for GCP resources).

We are now in the position to replicate the same thing for accessing and managing Azure resources.

Since Azure provides the same OIDC-based workload identity federation, I was able to make it work basically without any change on the gtoken side. My only concern is that the code is AWS-centric, although the concept is generic enough.

With some adjustments we can make it generic to other platforms that support workload identity federation.

I would rather submit a PR, if you want to go this route of making it more generic and also document the Azure part, than fork the project and change the Azure bits:

- Have the audience customizable, so it does not display as `defaultAud = "gtoken/sts/assume-role-with-web-identity"` when it's not about AWS.
- Have paths that reflect the provider rather than `/var/run/secrets/aws/token`.
- Have a different annotation for the service account rather than `amazonaws.com/role-arn`.

WDYT?
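The three knobs the issue proposes (audience, token path, service-account annotation) as a provider table, plus the check a practitioner wants before writing the token to disk: that the minted token's `aud` matches what the target cloud's federated credential expects, and the form body Entra ID consumes for the client-assertion exchange. This is an added example, not gtoken's code. The AWS values are the current defaults quoted in the issue; the Azure audience is Entra ID's recommended default for federated credentials (the credential's audience is configurable, which is why the AWS-named default still worked for the poster), and the Azure token path and annotation key are assumptions chosen for this example. The JWT built in `sampleToken` is constructed for offline demonstration; real tokens are minted and signed by Google.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ProviderConfig holds what the issue proposes to make pluggable: the OIDC
// audience the token is minted for, the file the cloud SDK reads it from, and
// the ServiceAccount annotation naming the target identity.
type ProviderConfig struct {
	Name       string
	Audience   string
	TokenPath  string
	Annotation string
}

var providers = map[string]ProviderConfig{
	// AWS: gtoken's current defaults as quoted in the issue.
	"aws": {"aws", "gtoken/sts/assume-role-with-web-identity", "/var/run/secrets/aws/token", "amazonaws.com/role-arn"},
	// Azure: audience is Entra ID's recommended default for federated credentials;
	// path and annotation are assumptions for this example.
	"azure": {"azure", "api://AzureADTokenExchange", "/var/run/secrets/azure/token", "azure.workload.identity/client-id"},
}

// ResolveProvider picks the provider from the ServiceAccount annotations and
// returns its config and the annotated target (role ARN or client ID).
// Exactly one provider annotation must be present.
func ResolveProvider(annotations map[string]string) (ProviderConfig, string, error) {
	var found ProviderConfig
	var target string
	n := 0
	for _, p := range providers {
		if v, ok := annotations[p.Annotation]; ok && v != "" {
			found, target = p, v
			n++
		}
	}
	switch n {
	case 0:
		return ProviderConfig{}, "", errors.New("no provider annotation on service account")
	case 1:
		return found, target, nil
	default:
		return ProviderConfig{}, "", errors.New("ambiguous: more than one provider annotation set")
	}
}

// CheckAudience decodes the JWT payload (no signature verification here; the
// cloud's token endpoint verifies the signature against the issuer's JWKS) and
// confirms aud matches the provider's expectation. A wrong aud otherwise only
// surfaces later as an opaque error from STS or Entra ID.
func CheckAudience(token, want string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("not a compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return fmt.Errorf("decode payload: %w", err)
	}
	var claims struct {
		Aud json.RawMessage `json:"aud"`
	}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return fmt.Errorf("parse claims: %w", err)
	}
	// aud may be a single string or an array of strings.
	var single string
	if json.Unmarshal(claims.Aud, &single) == nil {
		if single == want {
			return nil
		}
		return fmt.Errorf("aud %q, want %q", single, want)
	}
	var many []string
	if json.Unmarshal(claims.Aud, &many) == nil {
		for _, a := range many {
			if a == want {
				return nil
			}
		}
	}
	return fmt.Errorf("aud %s does not include %q", string(claims.Aud), want)
}

// AzureTokenRequest builds the client-credentials form with a federated client
// assertion, the request Entra ID's token endpoint
// (https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token) accepts for
// the OIDC token written to TokenPath.
func AzureTokenRequest(clientID, assertion, scope string) url.Values {
	return url.Values{
		"grant_type":            {"client_credentials"},
		"client_id":             {clientID},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
		"client_assertion":      {assertion},
		"scope":                 {scope},
	}
}

// sampleToken builds an unsigned JWT-shaped string; constructed for offline use only.
func sampleToken(claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(claims)
	enc := base64.RawURLEncoding.EncodeToString
	return enc(hdr) + "." + enc(body) + ".sig"
}

func main() {
	sa := map[string]string{"azure.workload.identity/client-id": "00000000-0000-0000-0000-000000000000"}
	p, target, err := ResolveProvider(sa)
	if err != nil {
		panic(err)
	}
	tok := sampleToken(map[string]any{"iss": "https://accounts.google.com", "aud": p.Audience, "sub": "sa-uid"})
	if err := CheckAudience(tok, p.Audience); err != nil {
		panic(err)
	}
	fmt.Printf("provider=%s, write token to %s\n", p.Name, p.TokenPath)
	fmt.Println("POST body:", AzureTokenRequest(target, tok, "https://management.azure.com/.default").Encode())
}
```

The ambiguity error in `ResolveProvider` is deliberate: a ServiceAccount carrying both an AWS role ARN and an Azure client ID would otherwise silently get a token minted for whichever annotation was iterated first.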