Open JoeyC-Dev opened 3 months ago
Tried:
az aks approuting update -n ${aks} -g ${rG} --enable-kv --attach-kv ${kvURI}
And this work.
I want to know why I have to attach-kv
here? I should already give enough permission.
The az keyvault set-policy -n ${kv} --certificate-permissions get --spn ${webapp_mi_client_id}
command should be az keyvault set-policy -n ${kv} --certificate-permissions get --object-id ${webapp_mi_client_id}
because it is a managed identity and not a service principal.
attach-kv
does this for you.
Problem: Cannot set default certificate via Key Vault.
Screenshot:
Caption: I am not sure if I configured permission correctly, but the naming of "placeholder" and the use of "pause" image makes me thinking if this is intended. There is no other log I can find.
Set-up demo: