github.com/Azure/aad-pod-identity@v1.8.17/website/content/en/docs/Concepts/azureidentity.md

---
title: "AzureIdentity"
linkTitle: "AzureIdentity"
weight: 1
date: 2020-11-03
description: >
  Describes one of the following Azure identity resources: 0) user-assigned identity, 1) service principal, or 2) service principal with certificate.
---

<details>
<summary>Examples</summary>

- user-assigned identity

```yaml
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
  name: <AzureIdentityName>
spec:
  type: 0
  resourceID: <ResourceID>
  clientID: <ClientID>
```

- service principal (single-tenant)

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: <SecretName>
type: Opaque
data:
  # values under data must be base64-encoded
  clientSecret: <ClientSecret>
---
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
  name: <AzureIdentityName>
spec:
  type: 1
  tenantID: <TenantID>
  clientID: <ClientID>
  clientPassword: {"name":"<SecretName>","namespace":"<SecretNamespace>"}
```

- service principal (multi-tenant)

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: <SecretName>
type: Opaque
data:
  # values under data must be base64-encoded
  clientSecret: <ClientSecret>
---
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
  name: <AzureIdentityName>
spec:
  type: 1
  tenantID: <PrimaryTenantID>
  auxiliaryTenantIDs:
    - <AuxiliaryTenantID1>
    - <AuxiliaryTenantID2>
  clientID: <ClientID>
  clientPassword: {"name":"<SecretName>","namespace":"<SecretNamespace>"}
```

- service principal (certificate)

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: <SecretName>
type: Opaque
data:
  # values under data must be base64-encoded
  certificate: <Certificate>
  password: <Password>
---
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzureIdentity
metadata:
  name: <AzureIdentityName>
spec:
  type: 2
  tenantID: <TenantID>
  clientID: <ClientID>
  clientPassword: {"name":"<SecretName>","namespace":"<SecretNamespace>"}
```

</details>

## `AzureIdentity`

| Field | Description |
| ----- | ----------- |
| `apiVersion`<br>*string* | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources. |
| `kind`<br>*string* | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds. |
| `metadata`<br>[*`ObjectMeta`*](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta) | Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata |
| `spec`<br>[*`AzureIdentitySpec`*](#azureidentityspec) | Describes the specifications of an identity resource on Azure. |

## `AzureIdentitySpec`

| Field | Description |
| ----- | ----------- |
| `type`<br>*integer* | `0`: user-assigned identity.<br>`1`: service principal.<br>`2`: service principal with certificate. |
| `resourceID`<br>*string* | The resource ID of the user-assigned identity (only applicable when `type` is `0`), i.e. `/subscriptions/<SubscriptionID>/resourcegroups/<ResourceGroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<UserAssignedIdentityName>`. |
| `clientID`<br>*string* | The client ID of the identity. |
| `clientPassword`<br>[*SecretReference*](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#secretreference-v1-core) | The client secret of the identity, represented as a Kubernetes secret (only applicable when `type` is `1` or `2`). |
| `tenantID`<br>*string* | The primary tenant ID of the identity (only applicable when `type` is `1` or `2`). |
| `auxiliaryTenantIDs`<br>*[]string* | The auxiliary tenant IDs of the identity (only applicable when `type` is `1`). |
| `adEndpoint`<br>*string* | The Azure Active Directory endpoint. |
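
The "only applicable when `type` is ..." rules in the `AzureIdentitySpec` table can be checked mechanically before a manifest is applied. The lint below is an added example, not code from aad-pod-identity: `LintAzureIdentity`, the JSON input form and the sample manifest are assumptions made for illustration, and the lint requires `spec.type` to be written out explicitly.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// manifest mirrors only the AzureIdentitySpec fields with a type restriction.
type manifest struct {
	Kind string `json:"kind"`
	Spec struct {
		Type               *int      `json:"type"`
		ResourceID         string    `json:"resourceID"`
		ClientPassword     *struct{} `json:"clientPassword"`
		TenantID           string    `json:"tenantID"`
		AuxiliaryTenantIDs []string  `json:"auxiliaryTenantIDs"`
	} `json:"spec"`
}

// Constructed sample: a type 2 identity with two fields that do not apply to it.
const sampleManifest = `{"apiVersion":"aadpodidentity.k8s.io/v1","kind":"AzureIdentity",
 "spec":{"type":2,"tenantID":"t","clientID":"c","resourceID":"/subscriptions/s",
 "auxiliaryTenantIDs":["aux"],"clientPassword":{"name":"sp-cert","namespace":"default"}}}`

// LintAzureIdentity (hypothetical helper) names each spec field that is set
// although the table says it does not apply to the manifest's spec.type.
func LintAzureIdentity(raw []byte) ([]string, error) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	s := m.Spec
	// Assumption of this lint: spec.type is written out explicitly.
	if m.Kind != "AzureIdentity" || s.Type == nil || *s.Type < 0 || *s.Type > 2 {
		return nil, fmt.Errorf("want kind AzureIdentity with spec.type 0, 1 or 2")
	}
	t, bad := *s.Type, []string{}
	check := func(field string, set, applies bool) {
		if set && !applies {
			bad = append(bad, field)
		}
	}
	check("resourceID", s.ResourceID != "", t == 0)
	check("clientPassword", s.ClientPassword != nil, t != 0)
	check("tenantID", s.TenantID != "", t != 0)
	check("auxiliaryTenantIDs", len(s.AuxiliaryTenantIDs) > 0, t == 1)
	return bad, nil
}

func main() { fmt.Println(LintAzureIdentity([]byte(sampleManifest))) }
```

An empty result means every restricted field that is set matches the declared `type`; a finding such as `clientPassword` on a `type: 0` identity points at a secret reference that the table says is not applicable.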