
I have a few services with two deployment kinds: Virtual Machine Scale Set and RDFE-based deployments.

I want to add managed identities to those services, but I'm a bit puzzled about how to do so for the second type of deployment (RDFE-based).

I've looked at this Microsoft document.

It stated that using the MSI extension would be deprecated in 1.19, but it doesn't seem like IMDS supports PaaS deployments.

How should I add the managed identities to an RDFE deployment, and what endpoint should I use?

chb

1 Answer


Managed identities are not supported on RDFE deployments, since we depend on Azure Resource Manager for configuration of the identity.

  • Thanks, could you please point me to the solution I should use for RDFE deployments? – user1593245 Nov 27 '18 at 09:00
  • Then how do we keep our secrets out of our code? It seems pretty silly that a service principal couldn't leverage Managed Identity. –  Nov 29 '18 at 17:35
  • For RDFE deployments, you can use pure service principals. I wish I had a better answer for you here. And to clarify, each managed identity has a backing service principal. The dependency on Azure Resource Manager is for getting the managed identity + service principal securely configured onto the resource where the managed identity will be used. – Arturo Lucatero - MSFT Nov 29 '18 at 18:52