Closed: umurkaraduman closed this issue 10 months ago
This is not caused by AGIC, but by a change on the Azure side.
It was actually mentioned in Azure Advisor that this change was going to happen. It is now also written in the Application Gateway docs: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#identifying-affected-users-or-service-principals-for-your-subscription
I wanted to create an Azure Kubernetes Service cluster with my own VNET. But the Ingress Application Gateway deployment failed with an error about not having the permission for Microsoft.Network/virtualNetworks/subnets/join/action on the VNET that I wanted to use. I was able to fix this by giving the Network Contributor role to the Managed Identity assigned to the Application Gateway.
I was wondering: I didn't need to give this role before when I was creating clusters with my own VNET. Has the behaviour changed? If so, can you please point me to the release notes?
A related issue describing a similar situation is https://github.com/Azure/application-gateway-kubernetes-ingress/issues/1463