Using azure workload identity requires using a deprecated side car injection

[alexku7]

Describe the bug
Cortex supports using the Azure workload identity when the AKS cluster is used for Cortex deployment.
However, Cortex uses a deprecated method to get the token from the IMDS metadata.
This approach required to put the annotation azure.workload.identity/inject-proxy-sidecar: true in order to inject a special side car. Microsoft deprecated this method

Cortex should upgrade the Azure SDK and use automatically the env vars , such as

AZURE_CLIENT_ID
AZURE_TENANT_ID
AZURE_FEDERATED_TOKEN_FILE

The variables are injected automatically by Azure workload identity admission hook:

[stale]

This issue has been automatically marked as stale because it has not had any activity in the past 60 days. It will be closed in 15 days if no further activity occurs. Thank you for your contributions.

[alexku7]

pls keep open

[yeya24]

Maybe this is related? thanos-io/objstore#82
I wonder if we can have this pr merged, whether it helps resolve this issue or not. @alexku7 Maybe you can help take a look?

[alexku7]

Thank you @yeya24
Indeed it looks like the correct solution :)

Can be merged to cortex ?

[yeya24]

@alexku7 I merged that pr. I will update Cortex with that. Just FYI, it will be on master so not on latest release v1.16.0

[SatyKrish]

Thanks @yeya24 👏🏼

When is this going to be released?

[yeya24]

It will be included in v1.17.0.
You can use master image for now or cherry-pick that commit to 1.16.0 branch and build the image on your own