github.com/Azure/aad-pod-identity@v1.8.17/website/content/en/docs/Configure/deploy_in_openshift.md (about)

---
title: "Set up AAD Pod Identity on Azure Red Hat OpenShift (ARO)"
linkTitle: "Set up AAD Pod Identity on Azure Red Hat OpenShift (ARO)"
weight: 2
description: >
  How to set up AAD Pod Identity on Azure Red Hat OpenShift (ARO)
---

### Installation

#### Standard mode

By default, the MIC component relies on `/etc/kubernetes/azure.json` for cluster configuration and credentials. Because `/etc/kubernetes/azure.json` doesn't exist in ARO clusters, the AAD Pod Identity components must be deployed with a dedicated service principal (SP) or managed identity that provides access to Azure.

##### Helm

```shell
helm repo add aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts

# Helm 3
# If using managed identity to provide MIC access to Azure, then set adminsecret.clientID=msi and adminsecret.clientSecret=msi
# Set adminsecret.useMSI=false if using service principal to provide MIC access to Azure
helm install aad-pod-identity aad-pod-identity/aad-pod-identity \
    --set adminsecret.cloud=<azure cloud name> \
    --set adminsecret.subscriptionID=<subscription id> \
    --set adminsecret.resourceGroup=<node resource group> \
    --set adminsecret.vmType=vmss \
    --set adminsecret.tenantID=<tenant id> \
    --set adminsecret.clientID=<service principal clientID> \
    --set adminsecret.clientSecret=<service principal clientSecret> \
    --set-string adminsecret.useMSI=false \
    --set adminsecret.userAssignedMSIClientID=<ClientID from identity>
```

##### Using deployment YAMLs

If deploying using deployment YAMLs, refer to the [doc here](../deploy_aad_pod_dedicated_sp).

#### Managed mode

Follow the [docs here](../pod_identity_in_managed_mode) on how to install AAD Pod Identity in managed mode.

### Validate pod identity components are running

1. If deploying in standard mode, check that the MIC pods are up and running.
2. Check that NMI is running on all nodes.
3. Follow the [doc here](../../troubleshooting/#ensure-that-iptables-rule-exists) to ensure the iptables rules exist.
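
One way to script step 2, as an added example that is not part of the project's documentation: the function below compares a node listing against an NMI pod listing and prints every node that has no NMI pod in phase `Running`. The function name, the `NMI_SELECTOR` variable, and the sample node names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find nodes that do not host a Running NMI pod.
#
# On a live cluster the two listings can be produced with:
#   kubectl get nodes --no-headers -o custom-columns=NAME:.metadata.name
#   kubectl get pods -A -l "$NMI_SELECTOR" --no-headers \
#       -o custom-columns=NODE:.spec.nodeName,PHASE:.status.phase
# NMI_SELECTOR is an assumption: use the label your NMI DaemonSet pods carry.

# nodes_missing_nmi <node-list> <nmi-pod-list>
#   node-list:    one node name per line
#   nmi-pod-list: "<node name> <pod phase>" per line
# Prints each node with no NMI pod in phase Running (Pending, Failed or absent).
nodes_missing_nmi() {
    {
        # Tag each stream so a single awk pass can tell pods from nodes.
        printf '%s\n' "$2" | sed 's/^/P /'
        printf '%s\n' "$1" | sed 's/^/N /'
    } | awk '
        $1 == "P" && $3 == "Running"       { ok[$2] = 1 }
        $1 == "N" && NF > 1 && !($2 in ok) { print $2 }
    '
}

# Constructed sample input (not captured from a real cluster).
SAMPLE_NODES='worker-a
worker-b
worker-c'
SAMPLE_NMI_PODS='worker-a Running
worker-b Pending'

# worker-b has an NMI pod that is not Running; worker-c has none at all.
nodes_missing_nmi "$SAMPLE_NODES" "$SAMPLE_NMI_PODS"
```

Empty output means every listed node has a Running NMI pod; any node that is printed should be investigated before moving on to the iptables check in step 3.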