github.com/Azure/aad-pod-identity@v1.8.17/website/content/en/docs/Getting started/installation.md

github.com/Azure/aad-pod-identity@v1.8.17/website/content/en/docs/Getting started/installation.md (about)

     1  ---
     2  title: "Installation"
     3  linkTitle: "Installation"
     4  weight: 2
     5  description: >
     6    How to install AAD Pod Identity on your clusters.
     7  ---
     8  
     9  ## Quick Install
    10  
    11  To install/upgrade AAD Pod Identity on RBAC-enabled clusters:
    12  
    13  ```
    14  kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/deployment-rbac.yaml
    15  ```
    16  
    17  <details>
    18  <summary>Result</summary>
    19  
    20  ```
    21  serviceaccount/aad-pod-id-nmi-service-account created
    22  customresourcedefinition.apiextensions.k8s.io/azureassignedidentities.aadpodidentity.k8s.io created
    23  customresourcedefinition.apiextensions.k8s.io/azureidentitybindings.aadpodidentity.k8s.io created
    24  customresourcedefinition.apiextensions.k8s.io/azureidentities.aadpodidentity.k8s.io created
    25  customresourcedefinition.apiextensions.k8s.io/azurepodidentityexceptions.aadpodidentity.k8s.io created
    26  clusterrole.rbac.authorization.k8s.io/aad-pod-id-nmi-role created
    27  clusterrolebinding.rbac.authorization.k8s.io/aad-pod-id-nmi-binding created
    28  daemonset.apps/nmi created
    29  serviceaccount/aad-pod-id-mic-service-account created
    30  clusterrole.rbac.authorization.k8s.io/aad-pod-id-mic-role created
    31  clusterrolebinding.rbac.authorization.k8s.io/aad-pod-id-mic-binding created
    32  deployment.apps/mic created
    33  ```
    34  
    35  </details><br/>
    36  
    37  To install/upgrade aad-pod-identity on RBAC-disabled clusters:
    38  
    39  ```
    40  kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/deployment.yaml
    41  ```
    42  
    43  <details>
    44  <summary>Result</summary>
    45  
    46  ```
    47  customresourcedefinition.apiextensions.k8s.io/azureassignedidentities.aadpodidentity.k8s.io created
    48  customresourcedefinition.apiextensions.k8s.io/azureidentitybindings.aadpodidentity.k8s.io created
    49  customresourcedefinition.apiextensions.k8s.io/azureidentities.aadpodidentity.k8s.io created
    50  customresourcedefinition.apiextensions.k8s.io/azurepodidentityexceptions.aadpodidentity.k8s.io created
    51  daemonset.apps/nmi created
    52  deployment.apps/mic created
    53  ```
    54  
    55  </details><br/>
    56  
    57  For AKS clusters, you will have to allow MIC and AKS add-ons to access IMDS without being intercepted by NMI:
    58  
    59  ```
    60  kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/mic-exception.yaml
    61  ```
    62  
    63  {{% alert title="Warning" color="warning" %}}
    64  failure to apply `mic-exception.yaml` in AKS clusters will result in token failures for AKS addons using managed identity for authentication.
    65  {{% /alert %}}
    66  
    67  <details>
    68  <summary>Result</summary>
    69  
    70  ```
    71  azurepodidentityexception.aadpodidentity.k8s.io/mic-exception created
    72  azurepodidentityexception.aadpodidentity.k8s.io/aks-addon-exception created
    73  ```
    74  
    75  </details>
    76  
    77  ## Helm
    78  
    79  AAD Pod Identity allows users to customize their installation via Helm.
    80  
    81  ```
    82  helm repo add aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
    83  helm install aad-pod-identity aad-pod-identity/aad-pod-identity
    84  ```
    85  
    86  ### Values
    87  
    88  For a list of customizable values that can be injected when invoking `helm install`, please see the [Helm chart configurations](https://github.com/Azure/aad-pod-identity/tree/master/charts/aad-pod-identity#configuration).