This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
Describe the bug
The ingress-azure pod goes into CrashLoopBackOff status with the below error when the environment is set to AzureUSGovernmentCloud. The issue does not occur on older versions like 1.6.0.
Message="The access token has been obtained for wrong audience or resource 'https://management.azure.com'. It should exactly match with one of the allowed audiences 'https://management.core.usgovcloudapi.net/','https://management.core.usgovcloudapi.net','https://management.usgovcloudapi.net/','https://management.usgovcloudapi.net'.""
To Reproduce
Install 1.7.1 version of the controller.
Ingress Controller details
Output of kubectl describe pod <ingress controller>
I0623 09:53:37.255339 1 utils.go:114] Using verbosity level 3 from environment variable APPGW_VERBOSITY_LEVEL
I0623 09:53:37.276052 1 supported_apiversion.go:70] server version is: 1.25.5
I0623 09:53:37.286231 1 environment.go:294] KUBERNETES_WATCHNAMESPACE is not set. Watching all available namespaces.
I0623 09:53:37.286249 1 main.go:118] Using User Agent Suffix='ingress-azure-85dfd8d479-jrkr7' when communicating with ARM
I0623 09:53:37.286331 1 main.go:137] Application Gateway Details: Subscription="77f8dc1f-50f0-4867-a60b-1f999873096f" Resource Group="chethan2303-stamp-usgovvirginia-rg" Name="agw-chethan2303-usgovvirginia"
I0623 09:53:37.286346 1 auth.go:58] Creating authorizer using Default Azure Credentials
I0623 09:53:37.286411 1 httpserver.go:57] Starting API Server on :8123
E0623 09:53:37.338618 1 client.go:184] configuration error (bad request) or unauthorized error while performing a GET using the authorizer
E0623 09:53:37.338634 1 client.go:185] stopping GET retries
F0623 09:53:37.338694 1 main.go:175] Failed getting Application Gateway: Code="ErrorApplicationGatewayUnexpectedStatusCode" Message="Unexpected status code '401' while performing a GET on Application Gateway." InnerError="network.ApplicationGatewaysClient#Get: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="InvalidAuthenticationTokenAudience" Message="The access token has been obtained for wrong audience or resource 'https://management.azure.com'. It should exactly match with one of the allowed audiences 'https://management.core.usgovcloudapi.net/','https://management.core.usgovcloudapi.net','https://management.usgovcloudapi.net/','https://management.usgovcloudapi.net'.""
Any Azure support tickets associated with this issue.
No
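The audience mismatch in the error above can be confirmed by reading the `aud` claim of the token the pod obtained and comparing it with the audiences ARM lists. The Go program below is an added example, not part of the original report or the controller's code; `tokenAudience`, `audienceAccepted` and `fakeToken` are hypothetical helpers, the sample tokens are constructed and unsigned, and `aud` is assumed to be a single string.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Allowed audiences, copied from the ARM error message in the report.
var usGovAudiences = map[string]bool{
	"https://management.core.usgovcloudapi.net/": true,
	"https://management.core.usgovcloudapi.net":  true,
	"https://management.usgovcloudapi.net/":      true,
	"https://management.usgovcloudapi.net":       true,
}

// tokenAudience reads the "aud" claim without verifying the signature (diagnostics only).
func tokenAudience(jwt string) (string, error) {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	var claims struct{ Aud string `json:"aud"` } // assumption: aud is one string
	err = json.Unmarshal(payload, &claims)
	return claims.Aud, err
}

// audienceAccepted applies the exact-match rule stated in the error message.
func audienceAccepted(aud string, allowed map[string]bool) bool {
	return allowed[aud]
}

// fakeToken builds a constructed, unsigned sample token ("e30" is base64url for "{}").
func fakeToken(aud string) string {
	body, _ := json.Marshal(map[string]string{"aud": aud})
	return "e30." + base64.RawURLEncoding.EncodeToString(body) + ".sig"
}

func main() {
	for _, aud := range []string{"https://management.azure.com", "https://management.usgovcloudapi.net/"} {
		got, err := tokenAudience(fakeToken(aud))
		fmt.Printf("aud=%q accepted=%v err=%v\n", got, audienceAccepted(got, usGovAudiences), err)
	}
}
```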