Open asakth22 opened 1 day ago
@sabbour, @JackStromberg would you be able to assist?
See this comment here: https://github.com/Azure/application-gateway-kubernetes-ingress/issues/1533#issuecomment-1798858813
Do you see the oidc endpoint exposed? Do you see the federated credential on the created identity?
Also, we have AGC available now, which simplifies some of this. Would you be willing to share details on using AGIC over AGC? https://learn.microsoft.com/azure/application-gateway/for-containers/overview
Cheers!
Both 'workload_identity_enabled' and 'oidc_issuer_enabled' are enabled on the cluster during the deployment. So everything was working fine before, and it's only now that we have run into this issue.
helm ls -n kube-system
NAME                           NAMESPACE    REVISION  UPDATED                                 STATUS    CHART                                                                    APP VERSION
aks-managed-workload-identity  kube-system  35        2024-09-19 07:22:26.78077406 +0000 UTC  deployed  workload-identity-addon-0.1.0-a26bc86f33b244dae3051771b5d79cc32333d28b
The AGIC pod within the AKS cluster is giving authentication errors. The AKS cluster has 'workload identity' enabled and was working fine until we got into this issue.
Logs from the pod:
I found a similar issue as described here, https://github.com/Azure/application-gateway-kubernetes-ingress/issues/1533, and as a workaround, running the command below fixes the issue.
az aks update -g MyResourceGroup -n MyManagedCluster --enable-workload-identity
But the workload identity is enabled when the cluster is created.
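The two questions raised in the thread (is the OIDC issuer endpoint exposed, and does the managed identity carry a federated credential that actually matches the AGIC service account) can be checked mechanically before falling back to re-running `az aks update --enable-workload-identity`. The script below is an added example, not code from the reporter, the maintainers or the AGIC project. It encodes the comparison rules Entra applies (issuer matched byte for byte against the token's `iss`, subject `system:serviceaccount:<ns>:<sa>`, audience `api://AzureADTokenExchange`) and runs entirely on constructed sample values so it works without a cluster; the `az` and `curl` commands that would produce the real inputs are shown in comments. The issuer URL, tenant/cluster GUIDs and the `kube-system/ingress-azure` service account are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not part of the original issue). Offline checks for the two
# things asked about in the thread: the cluster's OIDC issuer and the
# federated credential on the managed identity AGIC uses.
# In a real cluster the inputs come from:
#   ISSUER=$(az aks show -g "$RG" -n "$CLUSTER" --query oidcIssuerProfile.issuerUrl -o tsv)
#   curl -s "${ISSUER}.well-known/openid-configuration"
#   az identity federated-credential list --identity-name "$ID_NAME" -g "$RG" -o json
# Every value used below is a constructed sample so the script runs anywhere.

# discovery_issuer DOC -> the "issuer" field of an OpenID discovery document.
# Minimal sed extraction; fine for the single-line JSON the endpoint returns.
discovery_issuer() {
  printf '%s' "$1" | sed -n 's/.*"issuer"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# expected_subject NS SA -> subject claim of a projected service-account token,
# which the federated credential's subject must equal exactly.
expected_subject() { printf 'system:serviceaccount:%s:%s' "$1" "$2"; }

# check_fic CLUSTER_ISSUER DISCOVERY_DOC FIC_ISSUER FIC_SUBJECT FIC_AUDIENCE NS SA
# Prints one line per finding; returns 0 only when everything lines up.
check_fic() {
  cluster_issuer=$1 doc=$2 fic_issuer=$3 fic_subject=$4 fic_aud=$5 ns=$6 sa=$7
  rc=0
  if [ -z "$cluster_issuer" ]; then
    echo "FAIL: cluster reports no OIDC issuer URL (oidc_issuer_enabled off?)"
    return 1
  fi
  # 1. The issuer endpoint must answer and describe itself with the same URL
  #    the cluster advertises; otherwise token validation on the Entra side
  #    cannot fetch the right JWKS.
  doc_issuer=$(discovery_issuer "$doc")
  if [ "$doc_issuer" != "$cluster_issuer" ]; then
    echo "FAIL: discovery document issuer '$doc_issuer' != cluster issuer '$cluster_issuer'"
    rc=1
  fi
  # 2. Entra compares the federated credential issuer with the token's iss
  #    claim exactly. AKS issuer URLs end in '/', so a dropped or doubled slash
  #    is the classic way to get an authentication failure with a credential
  #    that "looks right".
  if [ "$fic_issuer" != "$cluster_issuer" ]; then
    a=$(printf '%s' "$fic_issuer" | sed 's#/*$##')
    b=$(printf '%s' "$cluster_issuer" | sed 's#/*$##')
    if [ "$a" = "$b" ]; then
      echo "FAIL: federated credential issuer differs from cluster issuer only by a trailing slash"
    else
      echo "FAIL: federated credential issuer '$fic_issuer' != cluster issuer '$cluster_issuer'"
    fi
    rc=1
  fi
  # 3. Subject must name the exact namespace and service account AGIC runs as.
  want=$(expected_subject "$ns" "$sa")
  if [ "$fic_subject" != "$want" ]; then
    echo "FAIL: federated credential subject '$fic_subject' != '$want'"
    rc=1
  fi
  # 4. Audience is fixed for Azure workload identity token exchange.
  if [ "$fic_aud" != "api://AzureADTokenExchange" ]; then
    echo "FAIL: audience '$fic_aud' != api://AzureADTokenExchange"
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $ns/$sa can exchange tokens issued by $cluster_issuer"
  return "$rc"
}

# Constructed sample data (assumed GUIDs, not from the reporter's cluster):
# the URL shape AKS uses, a matching discovery document, and the AGIC
# service account name the Helm chart creates by default (assumption).
SAMPLE_ISSUER='https://eastus.oic.prod-aks.azure.com/00000000-0000-0000-0000-000000000000/11111111-1111-1111-1111-111111111111/'
SAMPLE_DOC='{"issuer":"'"$SAMPLE_ISSUER"'","jwks_uri":"'"$SAMPLE_ISSUER"'openid/v1/jwks","response_types_supported":["id_token"]}'
SAMPLE_SUBJECT='system:serviceaccount:kube-system:ingress-azure'

if [ "${1:-}" = "demo" ]; then
  # A correct credential, then one whose issuer lost its trailing slash.
  check_fic "$SAMPLE_ISSUER" "$SAMPLE_DOC" "$SAMPLE_ISSUER" "$SAMPLE_SUBJECT" \
    api://AzureADTokenExchange kube-system ingress-azure
  check_fic "$SAMPLE_ISSUER" "$SAMPLE_DOC" "${SAMPLE_ISSUER%/}" "$SAMPLE_SUBJECT" \
    api://AzureADTokenExchange kube-system ingress-azure || true
fi
```

Run it with `sh check-fic.sh demo` to see a passing and a failing verdict. If all four checks pass against real values and the pod still cannot authenticate, the remaining suspects are on the Kubernetes side: the service account must carry the `azure.workload.identity/client-id` annotation and the pod the `azure.workload.identity/use: "true"` label, otherwise the aks-managed-workload-identity webhook shown in the `helm ls` output never injects the projected token and the Azure identity environment variables.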