Azure / azure-quickstart-templates

Azure Quickstart Templates
https://aka.ms/azqst
MIT License

Update aks-nat-agic to supported version #12928

Open codepic opened 2 years ago

codepic commented 2 years ago

Template

aks-nat-agic

Issue Details

Repro steps

  1. Simply deploy the template
  2. Observe error message: PodIdentity addon is not allowed since feature 'Microsoft.ContainerService/EnablePodIdentityPreview' is not enabled.
  3. Read Microsoft.ContainerService/EnablePodIdentityPreview documentation
  4. Observe the following note in the documentation

We recommend you review Azure AD workload identity (preview). This authentication method replaces pod-managed identity (preview), which integrates with the Kubernetes native capabilities to federate with any external identity providers on behalf of the application.

Resolution

Update the aforementioned template to use an Azure AD workload identity (preview) instead.

bmoore-msft commented 2 years ago

@paolosalvatori - something you can help with?

paolosalvatori commented 2 years ago

Hi @codepic, when you see a message like

PodIdentity addon is not allowed since feature 'Microsoft.ContainerService/EnablePodIdentityPreview' is not enabled

it means that you have to enable a preview feature before using it. For this feature, in particular, see Use Azure Active Directory pod-managed identities in Azure Kubernetes Service (Preview). Now, Azure AD Pod Identity has been replaced by Azure AD Workload Identity. For more information, see:

If you are not interested in any of these features, you can disable or remove them from the ARM template. Hope this helps.
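
A pre-deployment check for the situation discussed in this thread, as an added example that is not part of the issue or of the aks-nat-agic template: it lists AKS clusters in an ARM template whose `podIdentityProfile` is enabled by default, and can strip that profile before deployment. The sample template and its parameter name are constructed, and list-form `resources` is assumed.

```python
import json

AKS_TYPE = "microsoft.containerservice/managedclusters"

# Constructed sample template (not the aks-nat-agic template itself).
SAMPLE_TEMPLATE = json.loads("""{
  "parameters": {"podIdentityProfileEnabled": {"type": "bool", "defaultValue": true}},
  "resources": [
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet", "properties": {}},
    {"type": "Microsoft.ContainerService/managedClusters", "name": "aks",
     "properties": {"podIdentityProfile": {
       "enabled": "[parameters('podIdentityProfileEnabled')]"}}}
  ]
}""")

def resolve(value, parameters):
    """Resolve a literal, or a plain "[parameters('x')]" reference to its defaultValue."""
    prefix, suffix = "[parameters('", "')]"
    if isinstance(value, str) and value.startswith(prefix) and value.endswith(suffix):
        return parameters.get(value[len(prefix):-len(suffix)], {}).get("defaultValue")
    return value

def walk(resources):
    """Yield every resource, including nested child resources."""
    for res in resources or []:
        yield res
        yield from walk(res.get("resources"))

def find_pod_identity(template):
    """Return names of AKS clusters whose podIdentityProfile is enabled by default."""
    params = template.get("parameters", {})
    hits = []
    for res in walk(template.get("resources")):
        if res.get("type", "").lower() != AKS_TYPE:
            continue
        profile = res.get("properties", {}).get("podIdentityProfile") or {}
        if resolve(profile.get("enabled"), params) is True:
            hits.append(res["name"])
    return hits

def strip_pod_identity(template):
    """Remove podIdentityProfile from every AKS cluster; return how many were changed."""
    changed = 0
    for res in walk(template.get("resources")):
        if res.get("type", "").lower() == AKS_TYPE:
            if res.get("properties", {}).pop("podIdentityProfile", None) is not None:
                changed += 1
    return changed
```

A parameter reference with no `defaultValue` resolves to `None` and is not reported, so values supplied only at deployment time still need a separate review.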