Closed oscarlnetoo closed 4 months ago
Same issue here, just followed the official guide: https://learn.microsoft.com/en-us/azure/developer/terraform/create-k8s-cluster-with-aks-applicationgateway-ingress
Same :\
Same issue here as well. No resolution?
Same here
The solution for me was to switch to workload identity https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview?tabs=dotnet.
The documentation still seems incomplete, but there's an AKS managed addon:
```
az aks update -g RESOURCE_GROUP -n CLUSTER_NAME --enable-workload-identity
```
I got it resolved by using "workload identity", as neither AAD Pod Identity (deprecated) nor Service Principal worked.
Below are the steps that I followed:
```
az feature register --namespace "Microsoft.ContainerService" --name "EnableWorkloadIdentityPreview"
az aks update -g "${RESOURCE_GROUP}" -n myAKSCluster --enable-oidc-issuer --enable-workload-identity
az identity create --name "$MANAGEDIDNAME" --resource-group "$AKS_RG" --location "$LOCATION"
helm install $Installation_NAME -f helm-config.yaml application-gateway-kubernetes-ingress/ingress-azure -n $NAMESPACE
```
[Note: This command basically creates a SA in AKS which references the managed identity. At this point, if you check the AGIC Pod, it should be in "CrashLoopBackOff" state.]
```
kubectl get sa -n $NAMESPACE
# Replace the quoted <...> placeholders with your own values before running.
az identity federated-credential create --name "<any name>" --identity-name "<managed identity name>" --resource-group "<managed identity resource group>" --issuer "$OIDC_issuerURL" --subject "system:serviceaccount:${NAMESPACE}:<the SA that got created after running the helm command>" --audience api://AzureADTokenExchange
```
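Added example, not part of the comment above and not AGIC project code: a small offline check that a federated credential's issuer, subject and audience line up with the cluster's OIDC issuer URL and the service account created by the Helm chart. The function names, the namespace `agic`, the service account name `ingress-azure-sa` and the issuer URL are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. Values are passed in as strings so the check runs offline.
# On a real cluster they could be read with, for instance:
#   az aks show -g "$RESOURCE_GROUP" -n myAKSCluster --query oidcIssuerProfile.issuerUrl -o tsv
#   az identity federated-credential list --identity-name "$MANAGEDIDNAME" --resource-group "$AKS_RG"

WI_AUDIENCE="api://AzureADTokenExchange"

# Subject claim of a Kubernetes service account token.
wi_subject() {  # $1 = namespace, $2 = service account name
  printf 'system:serviceaccount:%s:%s' "$1" "$2"
}

# Prints one word per mismatching field, nothing when the credential matches.
# Args: cred_issuer cred_subject cred_audience cluster_issuer namespace sa_name
fc_mismatches() {
  fc_out=""
  if [ "$1" != "$4" ]; then
    # An issuer that differs only by the trailing "/" is still a different string.
    if [ "${1%/}" = "${4%/}" ]; then
      fc_out="$fc_out issuer-trailing-slash"
    else
      fc_out="$fc_out issuer"
    fi
  fi
  [ "$2" = "$(wi_subject "$5" "$6")" ] || fc_out="$fc_out subject"
  [ "$3" = "$WI_AUDIENCE" ] || fc_out="$fc_out audience"
  printf '%s' "${fc_out# }"
}

report() {  # $1 = label, remaining args as for fc_mismatches
  label=$1; shift
  result=$(fc_mismatches "$@")
  echo "$label: ${result:-ok}"
}

# Constructed sample values (placeholders, not from a real cluster).
ISSUER="https://oidc.example.invalid/tenant-placeholder/cluster-placeholder/"
NS="agic"
SA="ingress-azure-sa"

report "matching credential" "$ISSUER" "$(wi_subject "$NS" "$SA")" "$WI_AUDIENCE" "$ISSUER" "$NS" "$SA"
report "wrong namespace" "$ISSUER" "system:serviceaccount:default:$SA" "$WI_AUDIENCE" "$ISSUER" "$NS" "$SA"
report "issuer without slash" "${ISSUER%/}" "$(wi_subject "$NS" "$SA")" "$WI_AUDIENCE" "$ISSUER" "$NS" "$SA"
```

Comparisons are exact string matches, so a subject that names a different namespace or service account than the one shown by `kubectl get sa -n $NAMESPACE` is reported as a mismatch.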
Hello,
I am trying to install AGIC 1.7.0 with AAD Pod Identity as ARM authentication. Unfortunately, the ingress-azure pod is crashing on startup. Could someone help me with that? I have tried everything including service principal credentials.
Here are the logs from the pod:
And, my helm config file looks like this: