The following provides guidance on the minimum roles needed by an AKS user to get their credentials and interact with a namespace we'll create called 'sample-app'.

This walkthrough demonstates the setup of the new Azure App Gateway for Containers (hereafter AGC) managed ingress controller on a cluster configured with egress traffic forced to an Azure Firewall and with the cluster configured with outboundType Route Table.

Special Thanks!​

Thanks to Daniel Neumann for the original article we used to get this started, which you can find here.

Thanks to Ray Kao for working out a bunch of bugs we hit and dropping some sweet PRs.

All of the Terraform files can be found here.

The following walkthrough shows how you can using Azure Workload Identity with the AKS Workload Identity add-on along with MSAL

The following walkthrough shows how you can using Azure Workload Identity with the AKS Workload Identity add-on along with MSAL on an AKS Windows Nodepool.