
Allow Azure Workload identity authentication #210

Merged
merged 9 commits into from
May 23, 2024

Conversation

patst
Contributor

@patst patst commented Feb 28, 2024

Description of your changes

We want to use Azure Workload Identity to provision resources with the Kubernetes provider.
At the moment only Azure Service Principal authentication is possible (see `IdentityTypeAzureServicePrincipalCredentials = "AzureServicePrincipalCredentials"`).

Details about Azure workload Identity: https://azure.github.io/kubelogin/concepts/login-modes/workloadidentity.html#workload-identity

This is an addition to #170 done by @haarchri.

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable test to ensure this PR is ready for review.
    (there is one finding: `internal/clients/azure/azure.go:30:1: cyclomatic complexity 11 of func WrapRESTConfig is high (> 10)`, any suggestion how to fix it? For me it only reduces readability to split up the function)

How has this code been tested

Deployed it in an AKS cluster and checked that I can access the cluster and provision resources.

Example configuration:

```yaml
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: kubernetes-provider
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: cluster-config
      key: kubeconfig
  identity:
    type: AzureWorkloadIdentityCredentials
    source: Secret
    secretRef:
      name: azure-wli-credentials
      namespace: crossplane-system
      key: credentials.json
---
apiVersion: v1
kind: Secret
metadata:
  name: azure-wli-credentials
  namespace: crossplane-system
stringData:
  # serverId hardcoded to AKS ID, see https://azure.github.io/kubelogin/concepts/aks.html#azure-kubernetes-service-aad-server
  credentials.json: |
    {
      "tenantId": "<aad-tenant-id>",
      "serverId": "6dae42f8-4368-4678-94ff-3960e28e3630",
      "clientId": "<client-id>",
      "federatedTokenFile": "/var/run/secrets/azure/tokens/azure-identity-token",
      "authorityHost": "https://login.microsoftonline.com/"
    }
```
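The configuration above wires five values (tenant, AKS server app ID, client ID, projected token path, authority host) into the provider. The Go program below is an added example, not code from the PR or from provider-kubernetes, that shows what a consumer of that `credentials.json` has to do with them: validate the file, inspect the projected service account token before using it, and build the standard Entra ID client-assertion request in which the projected token is exchanged for an access token scoped to the AKS server app. The type and function names are assumptions; the token endpoint shape (`<authorityHost>/<tenantId>/oauth2/v2.0/token`, scope `<serverId>/.default`, `client_assertion_type` of `jwt-bearer`) is the general workload identity flow, not something taken from the provider's source. The sample credentials and the unsigned sample token are constructed for offline use; no request is sent.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// WorkloadIdentityCredentials mirrors the credentials.json keys from the PR description
// (the type name is an assumption, not the provider's own type).
type WorkloadIdentityCredentials struct {
	TenantID           string `json:"tenantId"`
	ServerID           string `json:"serverId"`
	ClientID           string `json:"clientId"`
	FederatedTokenFile string `json:"federatedTokenFile"`
	AuthorityHost      string `json:"authorityHost"`
}

// SampleCredentialsJSON is a constructed sample; tenant and client IDs are placeholders.
const SampleCredentialsJSON = `{"tenantId": "11111111-1111-1111-1111-111111111111",
 "serverId": "6dae42f8-4368-4678-94ff-3960e28e3630",
 "clientId": "22222222-2222-2222-2222-222222222222",
 "federatedTokenFile": "/var/run/secrets/azure/tokens/azure-identity-token",
 "authorityHost": "https://login.microsoftonline.com/"}`

// ExchangeAudience is the audience the workload identity webhook sets on the projected token.
const ExchangeAudience = "api://AzureADTokenExchange"

// ParseCredentials decodes credentials.json and rejects missing fields up front, so a
// misconfigured Secret fails at ProviderConfig load time rather than at the first token request.
func ParseCredentials(raw []byte) (*WorkloadIdentityCredentials, error) {
	var c WorkloadIdentityCredentials
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("decode credentials.json: %w", err)
	}
	var missing []string
	for _, f := range []struct{ k, v string }{{"tenantId", c.TenantID}, {"serverId", c.ServerID},
		{"clientId", c.ClientID}, {"federatedTokenFile", c.FederatedTokenFile}, {"authorityHost", c.AuthorityHost}} {
		if f.v == "" {
			missing = append(missing, f.k)
		}
	}
	if len(missing) > 0 {
		return nil, fmt.Errorf("credentials.json missing required fields: %s", strings.Join(missing, ", "))
	}
	return &c, nil
}

// FederatedTokenClaims decodes audience and expiry of the projected token. The signature is
// deliberately not verified: the workload only forwards this token, Entra ID validates it.
func FederatedTokenClaims(token string) (aud string, exp time.Time, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", time.Time{}, errors.New("federated token is not a compact JWT (expected 3 segments)")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", time.Time{}, fmt.Errorf("decode JWT payload: %w", err)
	}
	var claims struct {
		Aud json.RawMessage `json:"aud"`
		Exp int64           `json:"exp"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", time.Time{}, fmt.Errorf("parse JWT claims: %w", err)
	}
	var list []string // "aud" may be a single string or an array of strings
	if json.Unmarshal(claims.Aud, &aud) != nil && json.Unmarshal(claims.Aud, &list) == nil && len(list) > 0 {
		aud = list[0]
	}
	return aud, time.Unix(claims.Exp, 0).UTC(), nil
}

// CheckFederatedToken fails early on the two usual causes of a rejected exchange:
// a token minted for another audience, or one that has already expired.
func CheckFederatedToken(token string, now time.Time) error {
	aud, exp, err := FederatedTokenClaims(token)
	if err != nil {
		return err
	}
	if aud != ExchangeAudience {
		return fmt.Errorf("federated token audience %q, want %q", aud, ExchangeAudience)
	}
	if !exp.After(now) {
		return fmt.Errorf("federated token expired at %s", exp.Format(time.RFC3339))
	}
	return nil
}

// TokenRequest builds the Entra ID client-credentials request in which the federated token
// is presented as a client assertion (RFC 7523). Sending it is left to the caller.
func TokenRequest(c *WorkloadIdentityCredentials, federatedToken string) (string, url.Values) {
	endpoint := strings.TrimSuffix(c.AuthorityHost, "/") + "/" + c.TenantID + "/oauth2/v2.0/token"
	form := url.Values{}
	form.Set("grant_type", "client_credentials")
	form.Set("client_id", c.ClientID)
	form.Set("scope", c.ServerID+"/.default") // AKS AAD server app, as in the PR's config
	form.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
	form.Set("client_assertion", federatedToken)
	return endpoint, form
}

// SampleFederatedToken builds an unsigned, constructed token for offline demonstration only.
func SampleFederatedToken(aud string, exp time.Time) string {
	enc := func(v interface{}) string { b, _ := json.Marshal(v); return base64.RawURLEncoding.EncodeToString(b) }
	return enc(map[string]string{"alg": "none", "typ": "JWT"}) + "." + enc(map[string]interface{}{"aud": aud, "exp": exp.Unix()}) + "."
}

func main() {
	c, err := ParseCredentials([]byte(SampleCredentialsJSON))
	if err != nil {
		panic(err)
	}
	tok := SampleFederatedToken(ExchangeAudience, time.Now().Add(time.Hour))
	if err := CheckFederatedToken(tok, time.Now()); err != nil {
		panic(err)
	}
	endpoint, form := TokenRequest(c, tok)
	fmt.Println("POST", endpoint, "scope="+form.Get("scope"))
}
```

In a real pod the token string would come from reading `FederatedTokenFile`, which the webhook projects with a short lifetime and rotates; checking the audience and expiry before the exchange turns an opaque 401 from the token endpoint into a message that names the misconfiguration (wrong audience, missing webhook labels, stale file).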

@cychiang

This is great, and I am wondering when it would be possible to merge it?

@turkenh
Collaborator

turkenh commented May 22, 2024

@patst, thanks for the PR, and sorry for being late here.

Would you mind rebasing your PR, so that we can move it forward?

@patst
Contributor Author

patst commented May 22, 2024

> @patst, thanks for the PR, and sorry for being late here.
>
> Would you mind rebasing your PR, so that we can move it forward?

@turkenh great you found the time. We have been using the self-built version in production for a few months and are very happy.

I rebased the changes and hopefully was able to resolve the merge conflicts correctly.


@turkenh turkenh left a comment


Looking good, thanks for your contribution @patst 🙌

@turkenh turkenh merged commit ba27bba into crossplane-contrib:main May 23, 2024
8 checks passed
@turkenh
Collaborator

turkenh commented May 23, 2024

@patst, I just merged #225, which is also touching similar codepaths as your PR. Here is an image build from the latest main, including both PRs: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.14.0-rc0.38.gb6e342f

It would be great if you could test/validate this image on your environment to make sure nothing is broken before cutting a release 🙏

@patst patst deleted the feat/workload-identity branch May 23, 2024 07:09
@patst
Contributor Author

patst commented May 23, 2024

> @patst, I just merged #225, which is also touching similar codepaths as your PR. Here is an image build from the latest main, including both PRs: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.14.0-rc0.38.gb6e342f
>
> It would be great if you could test/validate this image on your environment to make sure nothing is broken before cutting a release 🙏

Thanks for merging it.
I just tested xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.14.0-rc0.38.gb6e342f in our sandbox environment and it worked fine.
