Security concerns of using managed identity using AAD Pod Identities

[psibi]

I have been looking into managed identity and AKS cluster and this is my understanding:

• I can assign only a single user managed identity to the AKS cluster.
• I have to do the relevant role assignments to the identity for getting access.

Now my question is, let's say I have two different pods. One pods want to access keyvault and the other pods wants to access Azure DNS. The only way of making this work is modifying the user managed identity to give access to both the resources. But now it seems both the pods can access both the resources.

Now my question:

• Is my above understanding right and is this the usual way of doing things using AAD Pod Identity ?
• Is there a better way to do this to avoid the above security concern ?

(Sorry for the cross post, I wasn't aware of the Q/A available here in github and posted the same question to StackOverflow)

[chewong]

I can assign only a single user-managed identity to the AKS cluster.

Yes, that's correct. If you have --enable-managed-identity enabled when you create an AKS cluster, it will create one for you. That user-assigned identity is for cluster-wide operations.

I have to do the relevant role assignments to the identity for getting access.

In your use-case, you can create two new user-assigned identities (grant the first one access to keyvault and the second one to Azure DNS) and use aad-pod-identity to assign those identities to your pods. NMI will perform validations to make sure only the correct pod can access the correct identity.

[psibi]

Thank you!

[tgwallenborg]

A follow up question on this "NMI will perform validations to make sure only the correct pod can access the correct identity."
How is this done?

Say that I have two pods in the same namespace, with two different aad-pod-identity. How can I ensure that not a third pod is added that starts using one of the other ones? It could only set the aadpodidbinding: pod-binding-1 or is there any other things stopping this?

[chewong]

A follow up question on this "NMI will perform validations to make sure only the correct pod can access the correct identity."
How is this done?

When NMI receives a token request, it reserves look up the pod spec by matching the IP address of the request origin (i.e. pod IP) from all the pods. After getting the pod spec, it checks for its label and sees if there is a corresponding AzureIdentity and AzureIdentityBinding with the same label. After passing these validations will NMI return a token.

Say that I have two pods in the same namespace, with two different aad-pod-identity. How can I ensure that not a third pod is added that starts using one of the other ones? It could only set the aadpodidbinding: pod-binding-1 or is there any other things stopping this?

I'd recommend enabling namespace mode and deploying the third pod to a different namespace to isolate them.

[tgwallenborg]

We use different namespace and namespace mode. I was just curious if you could isolate pod-identity inside a namespace.
But so I understand it correct, all aad-pod-identity is "valid" inside the namespace to all pods with the correct label? And if I need them isolated I need to but them in different namespaces.

[chewong]

Yes, that's correct. Pods can't use AzureIdentity and AzureIdentityBinding created in a different namespace under namespace mode.