Azure Kubernetes Service Deployment
Note (Gateway New Chart):The Gateway new chart docs is now available here.
This page includes only Azure Kubernetes Service (AKS)-specific delta steps.
Review the Kubernetes Helm deployment page first, then apply the AKS changes in this guide.
Scope
This guide assumes that the baseline Helm deployment flow is complete, including:
- Helm chart setup
- base
values.yamlpreparation - installation and upgrade flow
- Gateway admin and permission model
This page focuses on AKS workload identity and AKS-specific values.yaml changes.
Prerequisites
Complete all baseline prerequisites from the main Helm deployment page, and add:
- An Azure Active Directory authentication method in Akeyless.
- AKS cluster workload identity configured as documented in the AKS workload identity guide.
- A user-assigned managed identity client ID for ServiceAccount annotation.
AKS Identity Delta
Set the Gateway auth type to azure_ad and provide your Azure Access ID:
globalConfig:
gatewayAuth:
gatewayAccessId: <Azure Access ID>
gatewayAccessType: azure_ad
allowedAccessPermissions: {}Enable workload identity labels and ServiceAccount annotations:
deployment:
annotations: {}
labels:
azure.workload.identity/use: "true"
serviceAccount:
create: false
serviceAccountName: <AKS ServiceAccount Name>
annotations:
azure.workload.identity/client-id: <User Assigned Managed Identity Client ID>Validation Delta
After deployment, validate Azure workload identity integration:
-
Confirm pod health:
kubectl get pods -n <namespace> -
Confirm ServiceAccount annotations:
kubectl get sa <AKS ServiceAccount Name> -n <namespace> -o yaml -
Validate Gateway login and management endpoint connectivity.
Related Tasks
- For shared Helm install and upgrade commands, use the main Kubernetes Helm deployment page.
- For advanced chart settings, use Advanced Kubernetes Configuration.
- For TLS configuration, use Configuring TLS.
Updated about 7 hours ago