Workload Identity Setup
Available in v1.18.8+

Azure Workload Identity allows your ScaleOps pods to securely access Azure resources without storing application secrets in your cluster.

Prerequisites

  • AKS cluster with OIDC issuer enabled
  • Service Principal or Azure AD Application (or use --create-application flag)
  • Azure CLI installed and logged in

Script Setup

Use the integration script with the workload identity flags:

curl -s https://scriptshelf.scaleops.com/azure/integrate.sh | bash -s -- node-integration \
  --subscription-id <SUBSCRIPTION_ID> \
  --application-id <APPLICATION_ID> \
  --cluster-name <CLUSTER_NAME> \
  --use-workload-identity

The script will automatically:

  • Discover your AKS cluster’s resource group and OIDC issuer URL
  • Set up federated identity credentials for scaleops-dashboards, scaleops-agent, scaleops-updater, and scaleops-recommender service accounts
  • Provide the helm configuration needed

Note: You can also use --create-application instead of --application-id to create a new application automatically.
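
The following is an added example, not part of the ScaleOps script or documentation. It audits the JSON returned by `az ad app federated-credential list --id <APPLICATION_ID>` to confirm the application trusts exactly the four service accounts listed above and nothing else. The namespace `scaleops-system`, the issuer URL and the sample records are constructed assumptions; the real issuer comes from `az aks show --query oidcIssuerProfile.issuerUrl`.

```python
# Service accounts named on this page; the namespace passed in is an assumption.
SERVICE_ACCOUNTS = ("scaleops-dashboards", "scaleops-agent",
                    "scaleops-updater", "scaleops-recommender")
AUDIENCE = "api://AzureADTokenExchange"  # audience used by Azure Workload Identity


def audit_federated_credentials(creds, issuer, namespace):
    """Return sorted findings; an empty list means the trust is exactly as expected."""
    expected = {f"system:serviceaccount:{namespace}:{sa}" for sa in SERVICE_ACCOUNTS}
    findings, seen = [], set()
    for cred in creds:
        subject = cred.get("subject", "")
        if subject not in expected:
            # Every extra subject is another identity allowed to get tokens as this app.
            findings.append(f"unexpected subject: {subject}")
            continue
        seen.add(subject)
        cred_issuer = cred.get("issuer", "")
        if cred_issuer != issuer:
            # Issuer is matched exactly against the token, trailing slash included.
            same_host = cred_issuer.rstrip("/") == issuer.rstrip("/")
            hint = " (trailing slash)" if same_host else ""
            findings.append(f"issuer mismatch{hint}: {subject}")
        if cred.get("audiences") != [AUDIENCE]:
            findings.append(f"unexpected audiences: {subject}")
    findings += [f"missing subject: {s}" for s in expected - seen]
    return sorted(findings)


# Constructed issuer and records, shaped like the az CLI output (not real values).
ISSUER = "https://oidc.example.invalid/00000000-0000-0000-0000-000000000000/"


def _cred(sa, issuer=ISSUER, ns="scaleops-system"):
    return {"issuer": issuer, "audiences": [AUDIENCE],
            "subject": f"system:serviceaccount:{ns}:{sa}"}


SAMPLE = [
    _cred("scaleops-dashboards"),
    _cred("scaleops-agent"),
    _cred("scaleops-updater", issuer=ISSUER.rstrip("/")),  # trailing slash lost
    _cred("default", ns="default"),                         # subject outside ScaleOps
]                                                           # recommender is absent

if __name__ == "__main__":
    for finding in audit_federated_credentials(SAMPLE, ISSUER, "scaleops-system"):
        print(finding)
```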

Apply Helm Values

After running the script, apply the provided Helm values to your ScaleOps installation. The configuration will look like this:

global:
  podLabels:
    azure.workload.identity/use: "true"
  serviceAccount:
    annotations:
      azure.workload.identity/client-id: "<APPLICATION_ID>"
cloudNodeIntegration:
  azure:
    enabled: true