Azure Kubernetes Service - Pod Managed Identity and Workload Identity Alternatives


Currently, Azure Kubernetes Service pod managed identity and workload identity are not GA. I am working on a solution that needs to be production ready for my enterprise. Since these features are in preview, they don't seem like a good fit.

I would like to understand what alternatives I have available that are suitable for use in production. My AKS cluster will communicate with other services running in Azure. I am reluctant to use Kubernetes secrets, as they store secrets in base64, which is not very secure. The other alternative I found was to use the CSI driver to mount secrets stored in Key Vault. Again, this does not seem like an optimal solution, because it will store secrets in the cluster itself.

Wanted to understand what people use in production and if there is a solution besides what I have already listed above?


There are 0 answers
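For reference, this is what the Key Vault option mentioned in the question looks like when wired up with the Azure Key Vault provider for the Secrets Store CSI driver. This is an added example, not something posted in the question or taken from the Azure documentation; the Key Vault name, tenant ID, managed identity client ID and secret name are placeholders. It uses the user-assigned managed identity attached to the node pool (`useVMManagedIdentity`), which is a GA path that does not depend on pod managed identity or workload identity, and it deliberately omits `secretObjects`, so the secret is exposed only as a file in the pod's ephemeral CSI volume and no Kubernetes Secret object is created in etcd.

```yaml
# SecretProviderClass: tells the Azure provider which Key Vault objects to fetch
# and which identity to authenticate with. All identifiers below are placeholders.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kv-example            # assumed name, referenced by the pod below
spec:
  provider: azure
  parameters:
    # Authenticate with the node pool's user-assigned managed identity
    # instead of the preview pod identity / workload identity features.
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "00000000-0000-0000-0000-000000000000"  # placeholder client ID
    keyvaultName: "example-kv"                                       # placeholder vault name
    tenantId: "11111111-1111-1111-1111-111111111111"                # placeholder tenant ID
    # Objects are listed as a YAML string; each entry becomes a file in the mount.
    objects: |
      array:
        - |
          objectName: db-password       # placeholder secret name in Key Vault
          objectType: secret
  # No `secretObjects` section: nothing is synced into a Kubernetes Secret.
---
# Pod that mounts the secret as a read-only file at /mnt/secrets-store/db-password.
apiVersion: v1
kind: Pod
metadata:
  name: kv-consumer                 # assumed name
spec:
  containers:
    - name: app
      image: mcr.microsoft.com/azure-cli   # any image that can read the file
      command: ["sh", "-c", "cat /mnt/secrets-store/db-password; sleep 3600"]
      volumeMounts:
        - name: secrets-store
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-kv-example
```

Two practical checks before relying on this: the managed identity must be granted `get` permission on secrets in the vault's access policy (or the equivalent RBAC role), and the CSI driver's secret rotation must be enabled on the AKS add-on if you expect the mounted file to track changes in Key Vault; otherwise the value is fetched once at pod start.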