MichaelWithrow wrote:
Since the open-source pod identity project is now deprecated, AKS will continue to support the AKS pod identity through 2023. To ease the transition, customers can run Pod Identity and Workload Identity in parallel on an existing AKS cluster. Please note that during the Public Preview we enabled the sidecar to give customers time to update their SDKs, but this is not a supported configuration for General Availability. We recommend that customers update applications to a https://azure.github.io/azure-workload-identity/docs/topics/language-specific-examples.html that will allow applications to talk to the AAD endpoint.
Does it mean that pods will not be mutated to inject a sidecar anymore? If so, it'll break a lot of setups, e.g. for external-dns, which is not even close to getting support for Workload Identity: the PR (https://github.com/kubernetes-sigs/external-dns/pull/3111) has stayed unreviewed since October. The migration from adal to the Azure SDK is not moving anywhere either (https://github.com/kubernetes-sigs/external-dns/pull/3040).