search

zioproto / istio-aks-example

Example of running Istio on AKS
MIT License
17 stars 10 forks source link

Federated credential doesn't work #6

Open Vermyndax opened 2 months ago

Vermyndax commented 2 months ago

I am trying to use your code, but it's dying on the federated identity credential. I am getting this error:

│ User Assigned Identity Name: "azure-alb-identity"
│ Federated Identity Credential Name: "azure-alb-identity"): unexpected
│ status 400 (400 Bad Request) with error: BadRequest: The request format was
│ unexpected. Federated Identity Credential must specify 'issuer', 'subject'
│ and 'audience'.
zioproto commented 2 months ago

Hello @Vermyndax thanks for reporting this issue.

I understand you are doing the following steps on the main branch:

cd istio-aks-example/istio-on-aks/aks-tf
terraform init -upgrade
terraform apply

Do you get that error during the terraform apply ?

Can you share what is your Terraform plan for this resource:

https://github.com/zioproto/istio-aks-example/blob/02e090a6c285cd88bf877d101fc9ce8aa259e92e/istio-on-aks/aks-tf/identity.tf#L19-L27

Could you try to add a depends_on = [module.aks] at the above resource ? It could be it fails randomly if the value for module.aks.oidc_issuer_url is not available yet ?