Azure AD Workload Identity for Kubernetes - Skipping the Mutating Admission Webhook

According to the official documentation, “Azure AD Workload Identity for Kubernetes integrates with the capabilities native to Kubernetes to federate with external identity providers”. In other words, workload identity for Kubernetes is about establishing a trust relationship between some service accounts, whose tokens are issued by the Kubernetes cluster's identity provider, and service principals in Microsoft Entra ID (a.k.a. Azure AD). After a one-time setup of the cluster, all you need to do is establish some “federated credentials” on the Entra ID side by configuring an app to trust an external identity provider....

October 18, 2023 · 3 min · Daniele Antonio Maggio