Azure workload identity is not working in aks virtual-node-aci-linux due to incorrect secret #189

Open
SandeepCitigori opened this issue Mar 2, 2022 · 2 comments
Labels: investigate (need investigation)


@SandeepCitigori

Continuation of the issue, Azure/azure-workload-identity#381.

Currently, we are using Azure AD Pod Identity for our AKS clusters.
We are exploring Azure AD workload identity and were able to install it using the links below and see that it works on nodes as per the given example.
https://azure.github.io/azure-workload-identity/docs/introduction.html
https://github.com/Azure/azure-workload-identity

As mentioned in the 7th point or end of this page, https://azure.github.io/azure-workload-identity/docs/quick-start.html

I have deployed the workload and am able to access the key vault secret via the azure token.

Then I updated the YAML with nodeSelector & tolerations to install in the virtual-node-aci-linux. Upon deployment, the pod is running but is not able to access the Key Vault secret.

Error when running `kubectl logs podname`:

```
E0215 15:21:21.216383 1 token_credential.go:43] 'failed to read the service account token from the filesystem' err='open /var/run/secrets/azure/tokens/azure-identity-token: no such file or directory'
```

@helayoty
Member

@fnuarnav would you take a look please?

@joanna-jasnowska-wttech

Hi, is there any update on this?
