
Workload Identity Migration

Check Workload Identity Migration script

This script was created to check deployments for the required Microsoft Entra ID Workload Identity label. Because the label is required for pods to be configured correctly to use the new identities, its presence indicates whether a deployment has been migrated. More information can be found here

Pre-requisites

Running the script

Make sure to run az login first. To run the script, clone this repository, switch into the aks/workload-identity-migration directory, and run ./bin/checkWorkloadIdentityMigration.sh. The script runs against your current kubectl context. Three CSV files are created in the background to collate results:

  • A list of all old Azure Identities remaining on the cluster. After running the script, run ./bin/checkWorkloadIdentityMigration.sh view_azureidentities to view this in your terminal.
  • A list of deployments containing the required workload identity label. After running the script, run ./bin/checkWorkloadIdentityMigration.sh view_labelled to view this in your terminal.
  • A list of deployments NOT containing the required workload identity label. After running the script, run ./bin/checkWorkloadIdentityMigration.sh view_not_labelled to view this in your terminal.
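
The labelled / not-labelled split described above can be reproduced offline from the output of kubectl get deployments -A -o json. The following is an added example, not the repository's script. It assumes the label in question is azure.workload.identity/use with the value "true" on the pod template (this page does not name the label); the function names and the sample data are constructed for illustration.

```python
import csv
import io
import json

# Assumed label: the Workload Identity webhook matches pods carrying this label
# with the value "true". It must sit on the pod template, not on the
# Deployment's own metadata.
WI_LABEL = "azure.workload.identity/use"

# Constructed sample in the shape of `kubectl get deployments -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "team-a", "name": "api"},
     "spec": {"template": {"metadata": {"labels": {"app": "api", WI_LABEL: "true"}}}}},
    {"metadata": {"namespace": "team-a", "name": "worker",
                  "labels": {WI_LABEL: "true"}},  # wrong level: pods never get it
     "spec": {"template": {"metadata": {"labels": {"app": "worker"}}}}},
    {"metadata": {"namespace": "team-b", "name": "web"},
     "spec": {"template": {"metadata": {"labels": {WI_LABEL: "false"}}}}},
    {"metadata": {"namespace": "team-b", "name": "cron"},
     "spec": {"template": {"metadata": {}}}},  # no labels at all
]})


def classify(deployments_json):
    """Split deployments into (labelled, not_labelled) lists of (namespace, name)."""
    labelled, not_labelled = [], []
    for item in json.loads(deployments_json).get("items", []):
        meta = item.get("metadata", {})
        template_meta = item.get("spec", {}).get("template", {}).get("metadata") or {}
        labels = template_meta.get("labels") or {}
        key = (meta.get("namespace", ""), meta.get("name", ""))
        (labelled if labels.get(WI_LABEL) == "true" else not_labelled).append(key)
    return labelled, not_labelled


def to_csv(rows):
    """Render rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["namespace", "deployment"])
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    done, todo = classify(SAMPLE)
    print("labelled:\n" + to_csv(done))
    print("not labelled:\n" + to_csv(todo))
```

Only team-a/api counts as migrated here: a label set on the Deployment's metadata instead of the pod template, or set to a value other than "true", leaves the deployment in the not-labelled list.
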
This page was last reviewed on 26 January 2024. It needs to be reviewed again on 26 January 2025 by the page owner platops-build-notices.