This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

Error While trying to Deploy AAD Pod Identities on AKS clusters #1420

Closed
4 tasks done
mkurukun opened this issue Apr 21, 2023 · 2 comments
Labels
bug Something isn't working

Comments


mkurukun commented Apr 21, 2023

❗ AAD Pod Identity is deprecated and Azure Workload Identity has reached stable (OSS) and GA (AKS) milestones. AAD Pod Identity has transitioned to CVE fixes only.

Have you

Describe the bug
We recently noticed the following error while trying to deploy Pod Identities for our AKS clusters. We have been using Terraform to run a bash script to deploy Pod Identities using az cli commands.

Waiting for AAD role to propagate[################################ ]
│ 90.0000%ERROR: 'RoleAssignmentsOperations' object has no attribute 'config'
│ ERROR: Could not grant Managed Identity Operator permission for cluster
│ Sleeping for 30 seconds....
│ ERROR: 'RoleAssignmentsOperations' object has no attribute 'config'

Steps To Reproduce

Here is the code from the bash script that is executed.
az aks pod-identity add --resource-group "$AKS_RESOURCE_GROUP" --cluster-name "$AKS_CLUSTER_NAME" \
  --namespace "$namespace" --identity-resource-id "$managed_identity_resource_id" --binding-selector "$binding_selector"

I was able to reproduce this by running the az cli commands manually (not from the Terraform bash script).
These are the commands I used:

az aks update --resource-group aksloadbalancer --name aksloadbalancer --enable-pod-identity --enable-pod-identity-with-kubenet

az aks pod-identity add --cluster-name aksloadbalancer --identity-resource-id /subscriptions//resourcegroups/myIdentityResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/application-identity --namespace default --resource-group aksloadbalancer --name application-identity

and I got the error:

image

Expected behavior
Pod Identities get deployed in the provided namespace.

AAD Pod Identity version

Terraform version:

  • terraform -version
    Terraform v1.4.4
    on linux_amd64
  • provider registry.terraform.io/hashicorp/azurerm v3.42.0
  • provider registry.terraform.io/hashicorp/null v3.2.1
  • provider registry.terraform.io/hashicorp/random v3.5.1

"azure-cli": "2.47.0",
"azure-cli-core": "2.47.0",
"azure-cli-telemetry": "1.0.8",
"extensions": {}

Kubernetes version
1.24.10

Additional context

@mkurukun mkurukun added the bug Something isn't working label Apr 21, 2023
Member

aramase commented Apr 21, 2023

@mkurukun This issue is with the AKS add-on, so I recommend opening an issue here or opening a support ticket.

@karataliu PTAL!

@aramase aramase closed this as completed Apr 21, 2023
@karataliu

This is a known CLI issue: Azure/azure-cli-extensions#6203
Please try installing the latest aks-preview CLI extension for a fix.
