Create AKS k8s network policy for ingress and egress to allow aad-pod-identity from/to pod
You have 2 asks in your question. Let's see them one by one.
Setting up network policy:
You need to create a cluster with network policy enabled. You can do this only while creating. Once created you can't add or change the network policy.
You can choose from two network policies, Azure (Azure provided) or Calico (open source).
Azure network policy supports Azure CNI (need to choose Advanced networking while creating the cluster).
Calico supports both kubenet and Azure CNI.
This document will help you to deploy a cluster with network policy and create rules and test them. The same document also explains the difference between Azure and Calico network policy.
AAD pod identity:
This is an open source project which helps us to give permissions (assign identities) to the pods. Pods can then access other Azure resources without passwords.
aad-pod-identity is a production-ready open source project. Link to the official documentation is here.
Also note that Azure technical support won't support issues on AAD pod identity because that's considered an open source project and only community support is available.
Try that out and let me know.
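As an added example (not part of the answer above, and not from the aad-pod-identity project), here is a NetworkPolicy manifest that locks down a workload while keeping aad-pod-identity usable. It assumes the placeholder labels `app: myapp` and `role: frontend`, that the workload listens on TCP 8080, and that pods obtain tokens by calling the metadata address 169.254.169.254:80 which NMI intercepts on the node; verify on your own cluster that the policy engine evaluates that pre-redirect destination.

```yaml
# Added example, not the answer's or the project's own manifest.
# Placeholders: app: myapp (workload), role: frontend (allowed caller).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: myapp-allow-pod-identity
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: myapp
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Only same-namespace pods labelled role: frontend may reach the app port.
  - from:
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 8080
  egress:
  # Token requests to the metadata endpoint (assumption: NMI intercepts
  # 169.254.169.254:80 on the node, so this is the destination seen here).
  - to:
    - ipBlock:
        cidr: 169.254.169.254/32
    ports:
    - protocol: TCP
      port: 80
  # DNS via CoreDNS in kube-system (AKS labels those pods k8s-app: kube-dns).
  - to:
    - namespaceSelector: {}
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # HTTPS to the Azure resources the pod calls with its token.
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - protocol: TCP
      port: 443
```

Because `policyTypes` lists Egress, anything not matched above (including the metadata endpoint if you drop that rule) is denied, which is the usual cause of token requests timing out once a policy is applied.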