azure-service-operator
Rework instructions to make managed identity the default option for credentials
At the moment the setup instructions are primarily written with service principal as the default path with using managed identity as a divergence from that. We should flip this - if the operator is being run in an AKS cluster, a managed identity would be preferred because it removes the need to store a password in the credentials (as far as I understand it).
Also, it would be good to include a bit more detail on why the various steps are taken, and expand the commands given to use long option names (to make it clearer what they're doing).
Definitely need to go through our managed identity document and make sure that it's clear (uses long args, explains steps well, etc).
There's some downside to making this the default because it only works in Azure, and it's more complicated. We decided to keep SP as the "default" (the one mentioned in the quickstart) and leave MI as an advanced scenario. We do need to make the experience clearer when using AKS, since we don't talk much about that now.
This issue has been automatically marked as stale because it has not had activity in 60 days.
We need to decide if we actually want this to be the default. It's a bit more complicated to get started with.
Issue still active.
We're still interested in doing this.
If we go the managed identity route we definitely want workload identity to be the highlight as that's much easier to do. This is still something we're interested in doing but we do have the docs now so users can figure things out -- this is just about which is the most highlighted doc.
We've completed some of this, but possibly not all.