kubernetes-sigs / external-dns

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Apache License 2.0

Azure DNS tutorial incorrectly defines azure.json property for "Managed identity using Workload Identity" #4898

Closed EvanSchallerer closed 1 hour ago

EvanSchallerer commented 8 hours ago

What happened: I followed the Azure DNS tutorial to configure external-dns using the "Managed identity using Workload Identity" section. external-dns would fail with an Entra error, AADSTS700016, stating that the client ID may be misconfigured.

What you expected to happen: external-dns does not fail with an error after following the tutorial.

How to reproduce it (as minimally and precisely as possible): Follow the Azure DNS tutorial to configure external-dns using the "Managed identity using Workload Identity" section.

Anything else we need to know?: The code for configuring external-dns uses the clientID configuration, which is resolved from aadClientId in the azure.json configuration file: https://github.com/kubernetes-sigs/external-dns/blob/709f3f4ce24eafdb9b5307262c6486d8a4f0b051/provider/azure/config.go#L121

The documentation tells you to use the userAssignedIdentityID, but this is only used for the "Managed identity using AAD Pod Identities" section: https://github.com/kubernetes-sigs/external-dns/blob/709f3f4ce24eafdb9b5307262c6486d8a4f0b051/provider/azure/config.go#L139

Environment:
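
An added example, not part of the original issue or the external-dns code base: a small Go check that flags the misconfiguration this report describes, where azure.json enables workload identity but carries the client ID under userAssignedIdentityID instead of aadClientId. It assumes the `useWorkloadIdentityExtension` key selects that mode; the helper name, struct and sample configs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// azureConfig holds only the azure.json keys this check reads (not the project's struct).
type azureConfig struct {
	UseWorkloadIdentity bool   `json:"useWorkloadIdentityExtension"`
	AADClientID         string `json:"aadClientId"`
	UserAssignedID      string `json:"userAssignedIdentityID"`
}

// Constructed sample configs; the GUID is a placeholder.
const tutorialStyle = `{"useWorkloadIdentityExtension": true,
  "userAssignedIdentityID": "00000000-0000-0000-0000-000000000000"}`
const corrected = `{"useWorkloadIdentityExtension": true,
  "aadClientId": "00000000-0000-0000-0000-000000000000"}`

// lintAzureJSON (hypothetical helper) reports client-ID keys that workload
// identity mode would not read, following the behaviour described in the issue.
func lintAzureJSON(raw []byte) ([]string, error) {
	var c azureConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("parse azure.json: %w", err)
	}
	if !c.UseWorkloadIdentity {
		return nil, nil // other auth modes are out of scope for this check
	}
	var findings []string
	if strings.TrimSpace(c.UserAssignedID) != "" {
		findings = append(findings, "userAssignedIdentityID is set but not used for workload identity")
		if strings.TrimSpace(c.AADClientID) == "" {
			findings = append(findings, "aadClientId is empty: put the identity's client ID there")
		}
	}
	return findings, nil
}

func main() {
	for name, cfg := range map[string]string{"tutorial": tutorialStyle, "corrected": corrected} {
		findings, err := lintAzureJSON([]byte(cfg))
		fmt.Println(name, findings, err)
	}
}
```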