6. Limitations
• Assigning managed identities to underlying K8s nodes (VMSS) takes 10-40s
• Only supports K8s clusters on Azure
• Only supports Linux nodes
• Dependency on IMDS
11. Integrations
Workload Identity has been integrated into:
• Azure Key Vault Provider for Secrets Store CSI Driver
• Enables getting secrets stored in Azure Key Vault and uses the Secrets Store CSI Driver interface to mount them into Kubernetes pods.
• Ratify
• Enables validation of supply chain artifacts, such as image signatures and SBOMs
12. Roadmap
✓ Open-Source Project Launch
✓ AKS OIDC Issuer support
✓ AKS Workload Identity Preview with Azure AD Apps
❑ Workload Identity Federation with Managed Identity
❑ AKS Workload Identity Public Preview
❑ AKS Workload Identity GA
13. Resources
• AAD Pod Identity
• Azure Workload Identity
• Federation With Azure AD