Hi, we are provisioning a management cluster, assigning a user managed identity for the CAPZ Kubernetes distribution with the below cluster.yaml file, and getting an error while initiating the management cluster. The error is:
```
cluster.cluster.x-k8s.io/capz-n-4962-80947-1-vt7ofnz created
2024-06-17T04:40:49.4253943Z machinedeployment.cluster.x-k8s.io/capz-n-4962-80947-1-vt7ofnz-md-0 created
2024-06-17T04:40:49.7725316Z kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io/capz-n-4962-80947-1-vt7ofnz-md-0 created
2024-06-17T04:40:49.8611929Z Error from server (InternalError): error when creating "capzcluster.yaml": Internal error occurred: failed calling webhook "default.azurecluster.infrastructure.cluster.x-k8s.io": failed to call webhook: Post "https://capz-webhook-service.capz-system.svc:443/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster?timeout=10s": no endpoints available for service "capz-webhook-service"
2024-06-17T04:40:49.8613822Z Error from server (InternalError): error when creating "capzcluster.yaml": Internal error occurred: failed calling webhook "default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io": failed to call webhook: Post "https://capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc:443/mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane?timeout=10s": no endpoints available for service "capi-kubeadm-control-plane-webhook-service"
2024-06-17T04:40:49.8614801Z Error from server (InternalError): error when creating "capzcluster.yaml": Internal error occurred: failed calling webhook "default.azuremachinetemplate.infrastructure.cluster.x-k8s.io": failed to call webhook: Post "https://capz-webhook-service.capz-system.svc:443/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate?timeout=10s": no endpoints available for service "capz-webhook-service"
2024-06-17T04:40:49.8616359Z Error from server (InternalError): error when creating "capzcluster.yaml": Internal error occurred: failed calling webhook "default.azuremachinetemplate.infrastructure.cluster.x-k8s.io": failed to call webhook: Post "https://capz-webhook-service.capz-system.svc:443/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinetemplate?timeout=10s": no endpoints available for service "capz-webhook-service"
2024-06-17T04:40:49.8617869Z Error from server (InternalError): error when creating "capzcluster.yaml": Internal error occurred: failed calling webhook "validation.azureclusteridentity.infrastructure.cluster.x-k8s.io": failed to call webhook: Post "https://capz-webhook-service.capz-system.svc:443/validate-infrastructure-cluster-x-k8s-io-v1beta1-azureclusteridentity?timeout=10s": no endpoints available for service "capz-webhook-service"
```
The cluster.yaml configuration is:

```yaml
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name: ${clusterName}
spec:
  clusterNetwork:
    services:
      cidrBlocks:
      - 192.168.0.0/16
  controlPlaneRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureManagedControlPlane
    name: ${clusterName}-control-plane
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AzureManagedCluster
    name: ${clusterName}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureManagedControlPlane
metadata:
  name: ${clusterName}-control-plane
spec:
  location: southcentralus
  resourceGroupName: ${RESOURCE_GROUP_CAPZ}
  sshPublicKey: ""
  subscriptionID: 603a6ff0-15f0-49d8-8a3e-89198ccc69f8
  version: v1.21.2
  networkPolicy: azure
  networkPlugin: azure
  sku:
    tier: Free
  addonProfiles:
  - name: azurepolicy
    enabled: true
  identityRef:
    name: arcConformanceMSI
    kind: UserAssigned
    providerID: ${AZURE_IDENTITY_ID}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureManagedCluster
metadata:
  name: ${clusterName}
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachinePool
metadata:
  name: agentpool0
spec:
  clusterName: ${clusterName}
  replicas: 2
  template:
    spec:
      clusterName: ${clusterName}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureManagedMachinePool
        name: agentpool0
        namespace: default
      version: v1.21.2
  identityRef:
    name: arcConformanceMSI
    kind: UserAssigned
    providerID: ${AZURE_IDENTITY_ID}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureManagedMachinePool
metadata:
  name: agentpool0
spec:
  mode: System
  osDiskSizeGB: 30
  sku: Standard_D2s_v3
  identityRef:
    name: arcConformanceMSI
    kind: UserAssigned
    providerID: ${AZURE_IDENTITY_ID}
---
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachinePool
metadata:
  name: agentpool1
spec:
  clusterName: ${clusterName}
  replicas: 2
  template:
    spec:
      clusterName: ${clusterName}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AzureManagedMachinePool
        name: agentpool1
        namespace: default
      version: v1.21.2
  identityRef:
    name: arcConformanceMSI
    kind: UserAssigned
    providerID: ${AZURE_IDENTITY_ID}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureManagedMachinePool
metadata:
  name: agentpool1
spec:
  mode: User
  osDiskSizeGB: 40
  sku: Standard_D2s_v4
  identityRef:
    name: arcConformanceMSI
    kind: UserAssigned
    providerID: ${AZURE_IDENTITY_ID}
```
Could you please help with a configuration that supports initializing the management cluster (AKS) with a user assigned managed identity instead of the default service principal?
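
Every failure in the log above is an admission webhook call to a Service that has no ready endpoints. The following triage script is an added example, not part of the original post: it reduces such a log to the distinct namespace/Service pairs and prints the `kubectl` readiness checks for each one. The sample log lines are constructed from the output format shown in the post, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added triage example; not from the original post.
# Constructed sample: three lines in the same format as the log in the post.
sample_log() {
cat <<'EOF'
2024-06-17T04:40:49.7725316Z kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io/capz-n-4962-80947-1-vt7ofnz-md-0 created
2024-06-17T04:40:49.8611929Z Error from server (InternalError): error when creating "capzcluster.yaml": Internal error occurred: failed calling webhook "default.azurecluster.infrastructure.cluster.x-k8s.io": failed to call webhook: Post "https://capz-webhook-service.capz-system.svc:443/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster?timeout=10s": no endpoints available for service "capz-webhook-service"
2024-06-17T04:40:49.8613822Z Error from server (InternalError): error when creating "capzcluster.yaml": Internal error occurred: failed calling webhook "default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io": failed to call webhook: Post "https://capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc:443/mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane?timeout=10s": no endpoints available for service "capi-kubeadm-control-plane-webhook-service"
EOF
}

# Read a log on stdin; print each distinct "<namespace> <service>" pair whose
# webhook call failed because the Service had no ready endpoints.
# The pair is taken from the in-cluster URL https://<service>.<namespace>.svc
unready_webhooks() {
  grep 'no endpoints available for service' \
    | sed -n 's|.*Post "https://\([^./]*\)\.\([^./]*\)\.svc[:/].*|\2 \1|p' \
    | sort -u
}

# Print (do not run) the readiness checks for every pair found on stdin.
print_checks() {
  unready_webhooks | while read -r ns svc; do
    # Does the Service have any backing pod addresses yet?
    echo "kubectl -n $ns get endpoints $svc"
    # Block until the deployments in that namespace report Available.
    echo "kubectl -n $ns wait --for=condition=Available --timeout=300s deployment --all"
  done
}

sample_log | print_checks
```

Running the printed commands against the cluster shows whether the controller pods behind the webhook Services were up before `capzcluster.yaml` was applied.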