Using Azure workload identity for your AKS workload via AAD application

Kwinten
1 min read

This is going to be a quick one.

Several regions do not support creating federated identity credentials on managed identities. Check here for the list.

So if you are following the setup guide here, or another one on GitHub, and you create the managed identity in one of the unsupported regions listed above, you will get stuck at the step that creates the federated identity credential.

When you then start your pod you will see an error like this:

'No matching federated identity record found for presented assertion.'

The same error appears whenever no federated credential on the identity matches the issuer, subject and audience of the token the pod presents, so if you are in a supported region, compare those three values with the cluster's OIDC issuer URL, the service account's system:serviceaccount:<namespace>:<name> subject and api://AzureADTokenExchange before looking elsewhere.

The solution is simple, you can either

  • create the managed identity in one of the supported regions and attach the federated identity credentials to it. The region only governs where the managed identity resource itself lives; the service principal it backs is tenant-wide, so workloads and role assignments in your other regions work with it as usual.

  • create an AAD application instead and attach the federated identity credentials to it, then use the application's client ID in place of USER_ASSIGNED_CLIENT_ID. Its service principal needs the same Azure RBAC role assignments you would have given the managed identity, and the credential's issuer, subject and audience must still match your cluster's OIDC issuer URL, system:serviceaccount:<namespace>:<service-account> and api://AzureADTokenExchange.
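As an added example (not code from the original post), here is the second option scripted with the Azure CLI. The helper functions build the federated credential parameters and the ServiceAccount manifest that carries the app's client ID where the guide uses USER_ASSIGNED_CLIENT_ID; the live section, which only runs when APPLY=1, creates the app registration, its service principal and the credential. The resource group, cluster, namespace and service account names are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: AKS workload identity backed by an
# AAD app registration instead of a managed identity. Resource names are assumptions.
set -eu

# Subject the AKS OIDC issuer puts in the projected service-account token.
# The federated credential must match it character for character.
fic_subject() {
  printf 'system:serviceaccount:%s:%s' "$1" "$2"
}

# JSON for `az ad app federated-credential create --parameters`.
# api://AzureADTokenExchange is the audience AKS workload identity tokens carry.
fic_params_json() {
  issuer=$1; namespace=$2; sa=$3
  printf '{"name":"aks-%s-%s","issuer":"%s","subject":"%s","audiences":["api://AzureADTokenExchange"]}' \
    "$namespace" "$sa" "$issuer" "$(fic_subject "$namespace" "$sa")"
}

# ServiceAccount manifest with the app's client ID in the annotation that the
# guide fills from USER_ASSIGNED_CLIENT_ID.
sa_manifest() {
  namespace=$1; sa=$2; client_id=$3
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $sa
  namespace: $namespace
  annotations:
    azure.workload.identity/client-id: "$client_id"
EOF
}

# Live path: needs a logged-in az CLI and kubectl context; names are assumptions.
if [ "${APPLY:-0}" = 1 ]; then
  RESOURCE_GROUP=${RESOURCE_GROUP:-rg-demo}
  CLUSTER=${CLUSTER:-aks-demo}
  NAMESPACE=${NAMESPACE:-default}
  SA=${SA:-workload-sa}

  # Issuer URL of the cluster (requires the OIDC issuer to be enabled on it).
  ISSUER=$(az aks show -g "$RESOURCE_GROUP" -n "$CLUSTER" \
    --query oidcIssuerProfile.issuerUrl -o tsv)

  # App registration plus its service principal; the SP is what gets RBAC roles.
  APP_ID=$(az ad app create --display-name "aks-$NAMESPACE-$SA" --query appId -o tsv)
  APP_OBJECT_ID=$(az ad app show --id "$APP_ID" --query id -o tsv)
  az ad sp create --id "$APP_ID" >/dev/null

  # Federated credential on the app instead of on a managed identity.
  az ad app federated-credential create --id "$APP_OBJECT_ID" \
    --parameters "$(fic_params_json "$ISSUER" "$NAMESPACE" "$SA")"

  # Service account annotated with the app's client ID.
  sa_manifest "$NAMESPACE" "$SA" "$APP_ID" | kubectl apply -f -
fi
```

The pod still needs the azure.workload.identity/use: "true" label so the mutating webhook injects the token volume and AZURE_CLIENT_ID. If the pod still reports 'No matching federated identity record found', decode the projected token it mounts and compare its iss and sub claims with the issuer and subject you passed to fic_params_json; a trailing slash or a different namespace is enough to break the match.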

That's it! Thanks for following along!
