This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
Authorization via WorkloadIdentity does not work in China.
I set all options correctly (cloud region, tenant and subscription) but I got an error during authorization:
Error details: error invalid_resource error_description: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named ...
It came from the scope being hardcoded as the global resource URI: https://github.com/Azure/application-gateway-kubernetes-ingress/blob/732d8ae7adf0334f03029a3feb04b06fad158ce6/pkg/azure/defaultazurecredential/authorizer.go#L42
I also reproduced that locally via raw AzureIdentity, and it looks like the scope for China should be:
https://management.chinacloudapi.cn/.default
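
Added example, not part of the original report and not the project's code: one way to derive the token scope from the configured cloud instead of hardcoding the public-cloud resource URI. The function names, the endpoint table and the `override` parameter are assumptions of this sketch; an unknown cloud name is rejected rather than silently mapped to the public cloud.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Resource Manager endpoints keyed by upper-cased cloud name.
// The table is an assumption of this example, not read from the project.
var armEndpoints = map[string]string{
	"AZUREPUBLICCLOUD":       "https://management.azure.com/",
	"AZURECHINACLOUD":        "https://management.chinacloudapi.cn/",
	"AZUREUSGOVERNMENTCLOUD": "https://management.usgovcloudapi.net/",
}

// scopeFromEndpoint converts an ARM endpoint into its "<resource>/.default" scope.
// Only absolute https URLs are accepted, so a token is never requested for a
// plaintext or relative audience.
func scopeFromEndpoint(endpoint string) (string, error) {
	u, err := url.Parse(strings.TrimSpace(endpoint))
	if err != nil {
		return "", fmt.Errorf("parse endpoint: %w", err)
	}
	if u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("endpoint %q must be an absolute https URL", endpoint)
	}
	return "https://" + strings.ToLower(u.Host) + "/.default", nil
}

// armScope resolves the scope for a cloud name. A non-empty override
// (hypothetical setting for custom clouds) takes precedence over the table.
func armScope(cloudName, override string) (string, error) {
	if override != "" {
		return scopeFromEndpoint(override)
	}
	ep, ok := armEndpoints[strings.ToUpper(strings.TrimSpace(cloudName))]
	if !ok {
		return "", fmt.Errorf("unknown cloud %q: not falling back to the public cloud scope", cloudName)
	}
	return scopeFromEndpoint(ep)
}

func main() {
	for _, c := range []string{"AzurePublicCloud", "AzureChinaCloud", "Typo"} {
		s, err := armScope(c, "")
		fmt.Printf("%-18s scope=%q err=%v\n", c, s, err)
	}
}
```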