docs: add aad-pod-identity migration to the docs(faq) (#732)

Azure · Feb 3, 2023 · bb7170f · bb7170f
1 parent c65be44
commit bb7170f
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/docs/book/src/faq.md b/docs/book/src/faq.md
@@ -53,3 +53,12 @@ Required permissions to create/update/delete federated identity credential:
 
 - `Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write`
 - `Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete`
+
+## How to migrate from `aad-pod-identity`?
+
+You can refer to [this link](https://learn.microsoft.com/en-us/azure/aks/workload-identity-migrate-from-pod-identity) for more information.
+
+tl;dr:
+
+1. If you use DefaultAzureCredential in your workload, you can update the azure identity sdk version to the latest that supports workload identity (ref: [link](https://azure.github.io/azure-workload-identity/docs/topics/language-specific-examples/azure-identity-sdk.html)).
+2. If you still have workloads that get managed identity token from IMDS, you can annotate the pod to get a proxy sidecar injected, that'll do the token exchange with the new flow.