kubernetes-sigs / cluster-api-provider-azure

Cluster API implementation for Microsoft Azure
https://capz.sigs.k8s.io/
Apache License 2.0

ASO API - AKS Automatic Authentication Failure #5017

Open ljtill opened 3 months ago

ljtill commented 3 months ago

/kind bug

What steps did you take and what happened: When integrating the new ASO API with an AKS Automatic resource, I discovered that the reconciler cannot authenticate with the newly provisioned cluster. By default, AKS Automatic uses Entra ID with Azure RBAC integration. This setup causes the reconciler to fail authentication, preventing reconciliation completion.

Cluster authentication and authorization

What did you expect to happen: The reconciler successfully authenticates with the cluster using Azure RBAC. Maybe similar to how the AzureClusterIdentity object is used.

Anything else you would like to add: Management cluster is using AKS Automatic with the Cluster API Operator and Workload Identity to authenticate.

Environment:

nojnhuh commented 2 months ago

I think I have a decent handle on this.

/triage accepted
/assign

willie-yao commented 2 months ago

/priority backlog

nojnhuh commented 1 month ago

I've been working on this in the background and have it mostly working, but don't want to rush anything for the release next week.

/milesone next

nojnhuh commented 1 month ago

/milestone next