Richard Ahlquist

> The whole point of the apps-in-any-namespace feature is to enable gitops-based self-service of applications for non-admins. This is not entirely true anymore. [Argo CD Agent](https://argocd-agent.readthedocs.io/latest/) is built upon the...

This is a must-have for multi-tenancy, where the cluster lifecycle is typically controlled by a platform team, but the federated credentials and managed identities are controlled by users/developer teams. Without...

Thanks for attention @CocoWang-wql. I don't think we necessarily need the ability to BYO issuer URL at cluster _creation_, as long as all federated credentials "find their way back" after...

The problem is not with the Pod or Service Account. The problem is that the User-assigned Managed Identity to which the Service Account is federated via a `Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials` resource, has...

Will this be tracked/resolved by #2861?

I spoke to @hosamsh (Workload Identity PM @ Microsoft) yesterday and he confirmed that this will be resolved by #4658.

I've noticed this behaviour applies not only for the `Deployment` but also for the `Service`.

+1, would love to see this for `azureeventhubreceiver`, similar to how #39658 did it for `azuremonitorreceiver` 👍

Assuming the pseudo logic will be "if `azureeventhub.auth != nil`, then ignore `azureeventhub.connection`" ``` receivers: azureeventhub: name: ... namespace: ... auth: authenticator: azureauth extensions:: azureauth: workload_identity: tenant_id: "${AZURE_TENANT_ID}" client_id: "${AZURE_CLIENT_ID}"...

Eager about this one before we can start considering K8GB for our company 👍