iamNoah1

az group create --name aks2akvrg --location eastus
az aks create --resource-group aks2akvrg --name myk8s --node-count 1 --generate-ssh-keys --enable-managed-identity --network-plugin azure
az aks get-credentials --resource-group aks2akvrg --name myk8s

iamNoah1

az keyvault create --name "myk8skv" --resource-group "aks2akvrg" --location eastus
az keyvault secret set --vault-name "myk8skv" --name "ExamplePassword" --value "hVFkk965BuUv"

iamNoah1

helm repo add csi-secrets-store-provider-azure https://azure.github.io/secrets-store-csi-driver-provider-azure/charts
helm install csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --generate-name --set secrets-store-csi-driver.syncSecret.enabled=true

iamNoah1

clientId=`az aks show --name myk8s --resource-group aks2akvrg |jq -r .identityProfile.kubeletidentity.clientId`
nodeResourceGroup=`az aks show --name myk8s --resource-group aks2akvrg |jq -r .nodeResourceGroup` 
subId=`az account show | jq -r .id`
az role assignment create --role "Managed Identity Operator" --assignee $clientId --scope /subscriptions/$subId/resourcegroups/aks2akvrg
az role assignment create --role "Managed Identity Operator" --assignee $clientId --scope /subscriptions/$subId/resourcegroups/$nodeResourceGroup
az role assignment create --role "Virtual Machine Contributor" --assignee $clientId --scope /subscriptions/$subId/resourcegroups/$nodeResourceGroup

iamNoah1

helm repo add aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
helm install pod-identity aad-pod-identity/aad-pod-identity

iamNoah1

clientId=`az identity show --name aks2kvIdentity --resource-group aks2akvrg |jq -r .clientId`
principalId=`az identity show --name aks2kvIdentity --resource-group aks2akvrg |jq -r .principalId`
subId=`az account show | jq -r .id`
az role assignment create --role "Reader" --assignee $principalId --scope /subscriptions/$subId/resourceGroups/aks2akvrg/providers/Microsoft.KeyVault/vaults/myk8skv
az keyvault set-policy -n myk8skv --secret-permissions get --spn $clientId
az keyvault set-policy -n myk8skv --key-permissions get --spn $clientId

iamNoah1

apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentity
metadata:
  name: "aks-kv-identity"               
spec:
  type: 0                                 
  resourceID: /subscriptions/<subscription id>/resourcegroups/aks2akvrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aks2kvIdentity
  clientID: "<clientId>"
---
apiVersion: aadpodidentity.k8s.io/v1

iamNoah1

apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: spc-myk8skv
spec:
  provider: azure
  secretObjects:
  - secretName: test-secret
    data:
    - key: key

iamNoah1

apiVersion: v1
kind: Pod
metadata:
  name: inject-secrets-from-akv
  labels:
    aadpodidbinding: azure-pod-identity-binding-selector
  
spec:
  containers:
    - name: nginx

iamNoah1

...

using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Logging;

public class Tester 
{
    
    [Fact]
    public void TestSomeClassThatUsesLogging()