Monitor the capz-controller-manager logs for the following error:
failed to get user-assigned identity ClientID: ManagedIdentityCredential authentication failed
GET http://169.254.169.254/metadata/identity/oauth2/token
RESPONSE 400 Bad Request
--------------------------------------------------------------------------------
{
"error": "invalid_request",
"error_description": "Identity not found"
}
--------------------------------------------------------------------------------
To troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#managed-id
Which component are you using?:
capz-controller-manager
What version of the component are you using?:
Component version: v1.15.2
What k8s version are you using (kubectl version)?:
Client Version: v1.29.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.9
What environment is this in?:
Azure
What did you expect to happen?:
As the managed user identity has contributor access at the subscription level, the expectation was to see access to Azure resources without an auth error.
What happened instead?:
Hitting the following error: failed to get user-assigned identity ClientID: ManagedIdentityCredential authentication failed GET http://169.254.169.254/metadata/identity/oauth2/token
How to reproduce it (as minimally and precisely as possible):
Monitor the capz-controller-manager logs for the following error: failed to get user-assigned identity ClientID: ManagedIdentityCredential authentication failed GET http://169.254.169.254/metadata/identity/oauth2/token