It is generally a best practice to use Azure Active Directory integration with AKS rather than embedding explicit credentials such as passwords or connection strings in application configuration. A further step is to use pod-managed identities where possible, so that a pod obtains a short-lived Azure AD access token for a managed identity instead of holding any secret at all. The flow below describes AAD Pod Identity; that project has since been deprecated in favor of Azure AD Workload Identity, but the principle of token-based access with no stored credentials is the same.
- The cluster operator first creates the identity mapping that is used when pods request access to services: a user-assigned managed identity in Azure, plus an AzureIdentity and an AzureIdentityBinding resource in the cluster that tie that identity to a pod label selector.
- The NMI (Node Managed Identity) DaemonSet and the MIC (Managed Identity Controller) are deployed. NMI intercepts token requests that pods on its node send to the instance metadata endpoint (169.254.169.254) and relays them to Azure AD for the identity bound to the requesting pod; MIC watches the bindings and assigns the identities to the underlying nodes.
- A developer deploys a pod labelled with the binding's selector (the `aadpodidbinding` label). Code in the pod requests an access token from the metadata endpoint exactly as it would on an Azure VM, and the request is answered through the NMI server.
- The token is returned to the pod and used as a bearer token to access an Azure SQL Server instance. Because the token is issued to the managed identity, no password ever exists in the pod's configuration.
Other Azure resources commonly accessed the same way include:
- Key Vault
- Cosmos DB
- Blob Storage
- Application Gateway Kubernetes Ingress
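The token request and its use against Key Vault, as an added example that is not code from the page or from the aad-pod-identity project. It models what runs inside the pod: the standard IMDS token call that NMI intercepts on an AKS node, a check of the returned document before the token is trusted, and the Key Vault data-plane request that carries the token as a bearer. The vault name, secret name, client id and token value are constructed placeholders, and the sample response is constructed to match the shape IMDS returns.

```python
"""Token flow a pod follows under AAD Pod Identity.

Added example, not code from the page or from the aad-pod-identity
project. The pod talks to the standard Azure IMDS token endpoint; on an
AKS node running NMI, that traffic is redirected to NMI, which answers
with a token for the identity bound to the pod's aadpodidbinding label.
Names below (vault name, secret name, client id, token value) are
constructed placeholders.
"""
import json
import time
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
KEY_VAULT_RESOURCE = "https://vault.azure.net"


def token_request(resource, client_id=None):
    """Build the request a pod sends for a token.

    The Metadata header is mandatory, as it is for IMDS on a VM; without
    it NMI (and IMDS) reject the call. client_id is optional and selects
    one identity when several are bound to the pod.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    return url, {"Metadata": "true"}


def parse_token_response(body, now=None):
    """Validate the JSON token document NMI/IMDS returns.

    Checks the fields the caller relies on and rejects a token whose
    expires_on (epoch seconds, returned as a string) is already past, so a
    cached or replayed response is not used.
    """
    doc = json.loads(body)
    for key in ("access_token", "expires_on", "resource", "token_type"):
        if key not in doc:
            raise ValueError("token response missing %s" % key)
    if doc["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type %r" % doc["token_type"])
    now = int(time.time()) if now is None else now
    expires_on = int(doc["expires_on"])
    if expires_on <= now:
        raise ValueError("token already expired")
    return {
        "access_token": doc["access_token"],
        "resource": doc["resource"],
        "expires_on": expires_on,
        "client_id": doc.get("client_id"),
    }


def fetch_token(resource, client_id=None, timeout=5):
    """Perform the real request from inside a pod (needs NMI on the node)."""
    url, headers = token_request(resource, client_id)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read().decode("utf-8"))


def keyvault_secret_request(vault_name, secret_name, token, api_version="7.3"):
    """Build the Key Vault data-plane call that uses the token as a bearer.

    The token's audience must be the Key Vault resource; a token minted for
    another resource (for example Azure SQL) is rejected by Key Vault, so
    that mismatch is caught here before any network call.
    """
    if token["resource"] != KEY_VAULT_RESOURCE:
        raise ValueError("token audience %r is not Key Vault" % token["resource"])
    url = "https://%s.vault.azure.net/secrets/%s?api-version=%s" % (
        vault_name, secret_name, api_version)
    return url, {"Authorization": "Bearer " + token["access_token"]}


# Constructed sample of the document NMI returns; the token value is a
# placeholder, not a real JWT.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed.jwt.value",
    "client_id": "00000000-0000-0000-0000-000000000000",
    "expires_in": "3599",
    "expires_on": "1700003599",
    "not_before": "1699999999",
    "resource": KEY_VAULT_RESOURCE,
    "token_type": "Bearer",
})


if __name__ == "__main__":
    # Offline walk-through with the constructed sample; inside a pod,
    # replace parse_token_response(SAMPLE_RESPONSE) with fetch_token(...).
    url, headers = token_request(KEY_VAULT_RESOURCE)
    print("pod requests:", url, headers)
    token = parse_token_response(SAMPLE_RESPONSE, now=1700000000)
    kv_url, kv_headers = keyvault_secret_request("contoso-kv", "db-password", token)
    print("pod then calls:", kv_url, "with", list(kv_headers))
```

Two details matter in practice. The pod never sees a client secret: the only inputs are the target resource and, optionally, the client id of the bound identity, and the token is short-lived, so the expiry check is what keeps a stale cached response from being reused. The audience check in `keyvault_secret_request` reflects that a token is minted per resource; requesting one for Azure SQL and presenting it to Key Vault fails, so request a token per service rather than reusing one across services.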
GitHub repo: AAD Pod Identity Auth Best Practices, Using Managed Identities to Securely Access Azure Resources