How to integrate Bitbucket self-hosted runner with Azure workload identity / AD authentication?

Hi there,

We are currently looking at moving our CI/CD from Azure DevOps to Bitbucket and also starting to use other Atlassian products for our development.

Some of our automated tests require access to the infrastructure they use, e.g. databases and Event Hubs, to enter the data for the test. Since we do not want to handle everything with passwords, we are using managed identities in our current setup. The Azure DevOps build agents are regular VMs which have an authorized managed identity, and access from the test scripts works fine.

For the tests with Bitbucket we have set up a self-hosted runner in our Kubernetes cluster. It is running under an authorized service account with the workload identity hook. The runner as well as the Docker-in-Docker sidecar have the federated token from the workload identity successfully mounted; however, these files are not visible from within the pipeline script.

Would this even be possible? If yes how?

Another approach I can see is for the pipeline to deploy a job to the K8s cluster, which then runs the tests.

But how would we then get the test results back and fail the pipeline on test failures?

We don't have any test management plugin like X-Ray in use at the moment. Deployments to the cluster always go via Flux, i.e. GitOps, so no direct kubectl calls from CI/CD are used.


Does anyone have experience with such kind of setup? 

Any other suggestions for how to set this up?

It does not have to be with workload identity per se, but access to the infrastructure is only possible via Azure AD authentication, so this is a must.


Many thanks in advance for your tips and thoughts.

0 answers
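The exchange that the question is ultimately about, as an added example that is not part of the original post and not code from Atlassian or Microsoft: an Azure workload identity pod does not receive an access token directly; it receives a Kubernetes-projected federated token (a JWT) which must be presented to the Azure AD token endpoint as a client assertion to obtain an access token for a resource such as Event Hubs. The example assumes the environment variables the Azure Workload Identity webhook injects (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_FEDERATED_TOKEN_FILE, AZURE_AUTHORITY_HOST) and that the projected token file is readable by the process running the pipeline script; if it is not, the read in read_federated_token fails, which is exactly the situation the post describes. The HTTP call is injectable so the demo runs offline against a constructed responder; the tenant ID, client ID, JWT and token response in demo() are constructed, not real.

```python
"""Exchange an Azure workload identity federated token for an Azure AD access token.

Added example (not code from the original post). Assumptions, labelled:
- the Azure Workload Identity webhook has injected AZURE_TENANT_ID, AZURE_CLIENT_ID,
  AZURE_FEDERATED_TOKEN_FILE and (optionally) AZURE_AUTHORITY_HOST;
- the projected token file is readable from the process running this code;
- `post` is an injectable HTTP function so the flow can be exercised offline.
"""
import json
import os
import tempfile
import urllib.parse
import urllib.request

# RFC 7523 client assertion type used by the Azure AD client_credentials grant.
CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
DEFAULT_AUTHORITY = "https://login.microsoftonline.com/"
# Default mount path of the projected service account token (azure-workload-identity).
DEFAULT_TOKEN_FILE = "/var/run/secrets/azure/tokens/azure-identity-token"


def build_token_request(tenant_id, client_id, federated_token, scope, authority=DEFAULT_AUTHORITY):
    """Return (url, form-encoded body) for the client_credentials + client_assertion grant."""
    if not tenant_id or not client_id:
        raise ValueError("tenant_id and client_id are required")
    if federated_token.count(".") != 2:
        raise ValueError("federated token does not look like a JWT (expected 3 segments)")
    url = authority.rstrip("/") + f"/{tenant_id}/oauth2/v2.0/token"
    body = {
        "client_id": client_id,
        "grant_type": "client_credentials",
        "client_assertion_type": CLIENT_ASSERTION_TYPE,
        "client_assertion": federated_token,
        "scope": scope,  # e.g. https://eventhubs.azure.net/.default
    }
    return url, urllib.parse.urlencode(body)


def read_federated_token(path):
    """Read the Kubernetes-projected token; fails if the file is not visible to this process."""
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def default_post(url, body):
    """Real HTTP POST to the token endpoint; returns (status, response text)."""
    req = urllib.request.Request(url, data=body.encode(), method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read().decode()


def get_access_token(scope, post=default_post, env=None):
    """Perform the federated-token -> access-token exchange; returns (access_token, expires_in)."""
    env = os.environ if env is None else env
    token_path = env.get("AZURE_FEDERATED_TOKEN_FILE", DEFAULT_TOKEN_FILE)
    url, body = build_token_request(
        env.get("AZURE_TENANT_ID"), env.get("AZURE_CLIENT_ID"),
        read_federated_token(token_path), scope,
        env.get("AZURE_AUTHORITY_HOST", DEFAULT_AUTHORITY))
    status, text = post(url, body)
    if status != 200:
        raise RuntimeError(f"token endpoint returned {status}: {text[:200]}")
    payload = json.loads(text)
    if payload.get("token_type") != "Bearer" or "access_token" not in payload:
        raise RuntimeError("unexpected token response shape")
    return payload["access_token"], int(payload.get("expires_in", 0))


def demo():
    """Offline walk-through with constructed data: fake tenant, client, JWT and endpoint."""
    constructed_jwt = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6Y2k6cnVubmVyIn0.c2ln"
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".token") as fh:
        fh.write(constructed_jwt + "\n")
        token_path = fh.name
    env = {
        "AZURE_TENANT_ID": "00000000-0000-0000-0000-000000000001",  # constructed
        "AZURE_CLIENT_ID": "00000000-0000-0000-0000-000000000002",  # constructed
        "AZURE_FEDERATED_TOKEN_FILE": token_path,
    }
    scope = "https://eventhubs.azure.net/.default"

    def fake_post(url, body):
        # Stand-in for the token endpoint: checks the request shape the real one expects.
        form = urllib.parse.parse_qs(body)
        ok = (url == "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000001/oauth2/v2.0/token"
              and form["grant_type"] == ["client_credentials"]
              and form["client_assertion_type"] == [CLIENT_ASSERTION_TYPE]
              and form["client_assertion"] == [constructed_jwt]
              and form["scope"] == [scope])
        if not ok:
            return 400, json.dumps({"error": "invalid_request"})
        return 200, json.dumps({"token_type": "Bearer", "expires_in": 3599,
                                "access_token": "constructed-access-token"})

    try:
        return get_access_token(scope, post=fake_post, env=env)
    finally:
        os.unlink(token_path)


if __name__ == "__main__":
    token, ttl = demo()
    print(f"exchange ok, token length {len(token)}, expires in {ttl}s")  # never log the token itself
```

With the real environment variables present and the default `post`, `get_access_token("https://eventhubs.azure.net/.default")` performs the live exchange; the same three inputs (tenant, client ID, token file) are what `az login --service-principal -u "$AZURE_CLIENT_ID" -t "$AZURE_TENANT_ID" --federated-token "$(cat "$AZURE_FEDERATED_TOKEN_FILE")"` and the azure-identity library's WorkloadIdentityCredential consume, so whichever of these the test scripts use, the prerequisite is the same: the projected token file and the env vars must be reachable from the container the pipeline step actually runs in.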

Deployment type: Cloud