github.com/Azure/aad-pod-identity@v1.8.17/website/content/en/docs/Configure/match_pods_in_namespace.md

---
title: "Match Pods in the Namespace"
linkTitle: "Match Pods in the Namespace"
weight: 1
description: >
  By default, AAD Pod Identity matches pods to identities across namespaces.
---

> Available from [1.3.0-mic-1.4.0-nmi release](https://github.com/Azure/aad-pod-identity/releases/tag/1.3.0-mic-1.4.0-nmi)

By default, AAD Pod Identity matches pods to identities across namespaces. To match only pods in the namespace containing `AzureIdentity`, use one of these techniques:

* Attach an `aadpodidentity.k8s.io/Behavior: namespaced` annotation to each `AzureIdentity` resource.

  Here is the `AzureIdentity` manifest from the previous step with this annotation added:

  ```yaml
  apiVersion: "aadpodidentity.k8s.io/v1"
  kind: AzureIdentity
  metadata:
    name: <a-idname>
    annotations:
      aadpodidentity.k8s.io/Behavior: namespaced
  spec:
    type: 0
    resourceID: /subscriptions/<subid>/resourcegroups/<resourcegroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<name>
    clientID: <clientId>
  ```

* Add the `--forceNamespaced` command line argument or set the `FORCENAMESPACED=true` environment variable when starting both the MIC and NMI components.

  Here is a section from the MIC deployment which adds *both* the command line argument and the environment variable for illustration. Pick one approach and use it to update both the MIC deployment and the NMI daemon set.

  ```yaml
  spec:
    containers:
    - name: mic
      image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.3"
      args:
        - "--cloudconfig=/etc/kubernetes/azure.json"
        - "--logtostderr"
        - "--forceNamespaced"
      env:
        - name: FORCENAMESPACED
          value: "true"
  ```
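
To check a cluster against the two techniques above, the following added example (not part of the AAD Pod Identity project) audits `AzureIdentity` objects and the MIC and NMI container specs for identities that can still match pods across namespaces. The sample objects and their names are constructed, and accepting `--forceNamespaced=true` as an equivalent spelling of the flag is an assumption.

```python
BEHAVIOR_KEY = "aadpodidentity.k8s.io/Behavior"

def identity_is_namespaced(identity):
    """True if the AzureIdentity carries the per-resource namespaced annotation."""
    annotations = identity.get("metadata", {}).get("annotations") or {}
    return annotations.get(BEHAVIOR_KEY) == "namespaced"

def container_forces_namespaced(container):
    """True if a MIC/NMI container spec sets the flag or the environment variable."""
    # Assumption: "--forceNamespaced=true" is treated like the bare flag.
    if any(a in ("--forceNamespaced", "--forceNamespaced=true")
           for a in container.get("args") or []):
        return True
    return any(e.get("name") == "FORCENAMESPACED" and e.get("value") == "true"
               for e in container.get("env") or [])

def audit(identities, components):
    """Return findings for identities that may still match pods across namespaces.

    components maps "mic" and "nmi" to their container specs.
    """
    forced = {name: container_forces_namespaced(c) for name, c in components.items()}
    if forced and all(forced.values()):
        return []  # the global setting is present on both components
    findings = []
    if any(forced.values()):
        # The setting must be applied to both MIC and NMI; report the one lacking it.
        missing = sorted(n for n, ok in forced.items() if not ok)
        findings.append("forceNamespaced missing on: " + ", ".join(missing))
    for ident in identities:
        if not identity_is_namespaced(ident):
            meta = ident["metadata"]
            findings.append(f"AzureIdentity {meta['namespace']}/{meta['name']} "
                            "has no namespaced annotation")
    return findings

# Constructed sample input (hypothetical names), shaped like `kubectl get -o json` items.
IDENTITIES = [
    {"metadata": {"name": "id-a", "namespace": "team-a",
                  "annotations": {BEHAVIOR_KEY: "namespaced"}}},
    {"metadata": {"name": "id-b", "namespace": "team-b"}},
]
MIC = {"name": "mic", "args": ["--logtostderr", "--forceNamespaced"]}
NMI_PLAIN = {"name": "nmi"}
NMI_FORCED = {"name": "nmi", "env": [{"name": "FORCENAMESPACED", "value": "true"}]}

if __name__ == "__main__":
    for line in audit(IDENTITIES, {"mic": MIC, "nmi": NMI_PLAIN}):
        print(line)
```
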