fix workload identity instructions

pagopa · Aug 12, 2024 · d1e9cdb · d1e9cdb
1 parent 48cfff9
commit d1e9cdb
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/MIGRATION_GUIDE.md b/MIGRATION_GUIDE.md
@@ -23,11 +23,12 @@ Was removed
 to be able to use the workload identity is mandatory to setup the client id associated to this one. To do so, you will have to pass as a parameter (DON'T COMMIT AS VALUE) as shown below
 
 ```yaml
-azure:
-  # -- (bool) Enable workload identity
-  workloadIdentityEnabled: true
-  # -- Azure Workload Identity Client ID (e.g. qwerty123-a1aa-1234-xyza-qwerty123)
-  workloadIdentityClientId: ""
+microservice-chart:
+  azure:
+    # -- (bool) Enable workload identity
+    workloadIdentityEnabled: true
+    # -- Azure Workload Identity Client ID (e.g. qwerty123-a1aa-1234-xyza-qwerty123)
+    workloadIdentityClientId: ""
 ```
 
 ```yaml

diff --git a/README.md b/README.md
@@ -127,10 +127,40 @@ K8s:
 
 - Reloader of other tools that allow to restar the pod in case of some of the config map or secret are changed
 
-## 📑 Functionality & Values keys/Yaml chart configuration properties (values.yaml)
+## 🔨 Functionality & Values keys/Yaml chart configuration properties (values.yaml)
 
 see [README/Microservice Chart configuration](charts/microservice-chart/README.md) to understand how to use the values.
 
+### `workload identity`
+
+To use the workload identity and be able to load secrets directly from kv, you need to setup this two things.
+
+### Service account linked to workload identity
+
+```yaml
+  serviceAccount:
+    name: testit-workload-identity
+```
+
+> this service account was setuped before, and linked to the workload identity
+
+### Workload Identity ClientID (ex Pod Identity)
+
+to be able to use the workload identity is mandatory to setup the client id associated to this one. To do so, you will have to pass as a parameter (DON'T COMMIT AS VALUE) as shown below
+
+```yaml
+microservice-chart:
+  azure:
+    # -- (bool) Enable workload identity
+    workloadIdentityEnabled: true
+    # -- Azure Workload Identity Client ID (e.g. qwerty123-a1aa-1234-xyza-qwerty123)
+    workloadIdentityClientId: ""
+```
+
+```yaml
+--set microservice-chart.azure.workloadIdentityClientId="$CLIENT_ID"
+```
+
 ### `envConfig`: load values in an internal configmap with the same name of the release
 
 Is possible to load env variables inside the pod, with the creation of a configmap called as the release name