docs: inheritFromAzureAD for managed identities (review #681) (#698)

Make explicit in docs that the inheritFromAzureAD option enables the
usage of Azure Managed Identity authentication mechanism.

Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Gabriele Fedi 2025-12-29 15:39:16 +01:00 committed by Francesco Canovai
parent 8e8a6c7ca4
commit 0dcb8d8122

@ -232,12 +232,16 @@ Barman Cloud supports the following authentication methods:
- [Connection String](https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string) - [Connection String](https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string)
- Storage Account Name + [Access Key](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage) - Storage Account Name + [Access Key](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage)
- Storage Account Name + [SAS Token](https://learn.microsoft.com/en-us/azure/storage/blobs/sas-service-create) - Storage Account Name + [SAS Token](https://learn.microsoft.com/en-us/azure/storage/blobs/sas-service-create)
- [Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/introduction.html) - [Azure AD Managed Identities](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview)
- [Default Azure Credentials](https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet)
### Azure AD Workload Identity ### Azure AD Managed Identity
This method avoids storing credentials in Kubernetes via the This method avoids storing credentials in Kubernetes by enabling the
`.spec.configuration.inheritFromAzureAD` option: usage of [Azure Managed Identities](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) authentication mechanism.
This can be enabled by setting the `inheritFromAzureAD` option to `true`.
Managed Identitity can be configured for the AKS Cluster by following
the [Azure documentation](https://learn.microsoft.com/en-us/azure/aks/use-managed-identity?pivots=system-assigned).
```yaml ```yaml
apiVersion: barmancloud.cnpg.io/v1 apiVersion: barmancloud.cnpg.io/v1
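Review bot: The added sentence "Managed Identitity can be configured for the AKS Cluster by following" misspells "Identity", and the naming is inconsistent within this hunk: the list entry reads "Azure AD Managed Identities" while the heading reads "Azure AD Managed Identity". Please pick one form and use it in both places. Renaming the heading from "Azure AD Workload Identity" also changes its generated anchor, so any existing links to the old section will break; consider checking for inbound references or keeping a redirect note. The hunk drops every mention of Workload Identity without saying whether `inheritFromAzureAD` still works with it, which leaves readers of the old docs without guidance; one sentence stating the current status would help. Finally, the linked AKS page is pinned to `pivots=system-assigned`, but the text does not say which identity needs access to the storage account. Stating that explicitly, along with the minimum role it needs on the container, would let operators scope the grant instead of guessing.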
@ -263,8 +267,11 @@ to automatically discover and use available credentials in the following order:
3. **Azure CLI** — Uses credentials from the Azure CLI if available 3. **Azure CLI** — Uses credentials from the Azure CLI if available
4. **Azure PowerShell** — Uses credentials from Azure PowerShell if available 4. **Azure PowerShell** — Uses credentials from Azure PowerShell if available
This is particularly useful when running on Azure Kubernetes Service (AKS) with This approach is particularly useful for getting started with development and testing; it allows
[Workload Identity](https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview): the SDK to attempt multiple authentication mechanisms seamlessly across different environments.
However, this is not recommended for production. Please refer to the
[official Azure guidance](https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication/credential-chains?tabs=dac#usage-guidance-for-defaultazurecredential)
for a comprehensive understanding of `DefaultAzureCredential`.
```yaml ```yaml
apiVersion: barmancloud.cnpg.io/v1 apiVersion: barmancloud.cnpg.io/v1
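Review bot: The new paragraph ends with "However, this is not recommended for production." but does not tell the reader what to use instead; a pointer back to the `inheritFromAzureAD` managed identity section would close that gap. The removed sentence ended with a colon and introduced the YAML example that follows, while the replacement ends with a full stop, so the example now appears with no lead-in directly after a statement that the method is discouraged. Please add a short introducing sentence that marks the example as suitable for development and testing. The guidance link points at the .NET documentation (`/dotnet/azure/sdk/authentication/credential-chains`); if an equivalent page exists for the SDK this project actually uses, linking that would be less confusing. It would also be worth saying why the chain is discouraged in this context, namely that which credential ends up being used depends on what happens to be present in the environment, so an operator cannot tell from the manifest alone which identity is reading and writing the backups.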