application-gateway-kubernetes-ingress
Planned support for Azure AD Workload Identity?
Is there planned support for Azure AD Workload Identity, seeing as AAD Pod Identity will be replaced by Azure AD Workload Identity?
I'm guessing we're waiting for this? https://github.com/Azure/go-autorest/pull/680/files
@timmyreilly yeah, looks like it. Looking forward to it getting merged and implemented in this, hopefully not too far into the future.
It is merged, would be great if that could move forward.
Any plans when this could be released?
+1 for this, is there any update on when this will be available? We've got a fully AZWI enabled cluster now and are trying to keep away from any pod identity
+1 for this, any info to share?
+1 Any update on it?
+1 for this. AAD Pod Identity is being deprecated and service principal will expire and likely cause service outages, so neither of the current options are viable for production environments.
Any updates? Definitely needing this feature as AAD Pod Identities is deprecated and will be archived in September 2023: https://github.com/Azure/aad-pod-identity#-announcement
Any update? It seems https://github.com/Azure/go-autorest/pull/680/files is merged.
It was released in 1.7.0
Thanks @jbpaux I'm already testing it!
I can see an error on the image
I0330 08:33:27.122033 1 utils.go:114] Using verbosity level 3 from environment variable APPGW_VERBOSITY_LEVEL
I0330 08:33:27.122481 1 main.go:81] Unable to load cloud provider config '/etc/appgw/azure.json'. Error: Reading Az Context file "/etc/appgw/azure.json" failed: open /etc/appgw/azure.json: permission denied
I0330 08:33:27.162831 1 supported_apiversion.go:70] server version is: 1.24.9
I0330 08:33:27.185895 1 environment.go:294] KUBERNETES_WATCHNAMESPACE is not set. Watching all available namespaces.
I0330 08:33:27.185915 1 main.go:118] Using User Agent Suffix='ingress-azure-5ddc994645-pz9zq' when communicating with ARM
I0330 08:33:27.185999 1 main.go:137] Application Gateway Details: Subscription="xxxx-xxxxx-xxxx-xxx" Resource Group="rg" Name="appgw"
I0330 08:33:27.186012 1 auth.go:58] Creating authorizer using Default Azure Credentials
I0330 08:33:27.186083 1 httpserver.go:57] Starting API Server on :8123
I0330 08:33:27.852544 1 main.go:184] Ingress Controller will observe all namespaces.
I0330 08:33:27.889451 1 context.go:171] k8s context run started
I0330 08:33:27.889475 1 context.go:238] Waiting for initial cache sync
I0330 08:33:27.889540 1 reflector.go:219] Starting reflector *v1.Ingress (30s) from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889547 1 reflector.go:255] Listing and watching *v1.Ingress from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889564 1 reflector.go:219] Starting reflector *v1.Service (30s) from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889573 1 reflector.go:219] Starting reflector *v1.Secret (30s) from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889579 1 reflector.go:255] Listing and watching *v1.Service from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889587 1 reflector.go:219] Starting reflector *v1.Pod (30s) from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889626 1 reflector.go:219] Starting reflector *v1.Endpoints (30s) from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889643 1 reflector.go:255] Listing and watching *v1.Endpoints from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889631 1 reflector.go:255] Listing and watching *v1.Pod from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.889663 1 reflector.go:219] Starting reflector *v1beta1.AzureApplicationGatewayRewrite (30s) from pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167
I0330 08:33:27.989618 1 context.go:251] Initial cache sync done
I0330 08:33:27.989637 1 context.go:252] k8s context run finished
I0330 08:33:27.989721 1 worker.go:39] Worker started
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1375dcf]
goroutine 231 [running]:
github.com/Azure/application-gateway-kubernetes-ingress/pkg/appgw.(*appGwConfigBuilder).newListener(0xc00048a6c0, 0x0?, {0x50, {{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, ...}, ...}, ...}, ...)
/azure/pkg/appgw/frontend_listeners.go:155 +0x6f
github.com/Azure/application-gateway-kubernetes-ingress/pkg/appgw.(*appGwConfigBuilder).getListeners(0xc00048a6c0, 0xc000b10000)
/azure/pkg/appgw/frontend_listeners.go:39 +0x2f3
github.com/Azure/application-gateway-kubernetes-ingress/pkg/appgw.(*appGwConfigBuilder).Listeners(0xc00048a6c0, 0xc000b10000?)
/azure/pkg/appgw/http_listeners.go:11 +0x58
github.com/Azure/application-gateway-kubernetes-ingress/pkg/appgw.(*appGwConfigBuilder).Build(0xc00048a6c0, 0x337d?)
/azure/pkg/appgw/configbuilder.go:119 +0x338
github.com/Azure/application-gateway-kubernetes-ingress/pkg/controller.AppGwIngressController.MutateAppGateway({{0x194b4e0, 0xc0004a6000}, {{0xc00004a021, 0x24}, {0xc00004a055, 0xe}, {0xc00004a094, 0xe}}, 0xc000825ec0, 0xc0006860c0, ...}, ...)
/azure/pkg/controller/mutate_app_gateway.go:128 +0x7b3
github.com/Azure/application-gateway-kubernetes-ingress/pkg/controller.(*AppGwIngressController).ProcessEvent(0xc000001180, {0xc000695f20?, {0x16d5d40?, 0xc000156000?}})
/azure/pkg/controller/controller.go:134 +0x32c
github.com/Azure/application-gateway-kubernetes-ingress/pkg/worker.(*Worker).Run(0xc000822da0, 0xc00060ede0, 0xc0000e3440)
/azure/pkg/worker/worker.go:61 +0x405
created by github.com/Azure/application-gateway-kubernetes-ingress/pkg/controller.(*AppGwIngressController).Start
/azure/pkg/controller/controller.go:83 +0x205
I can maybe open a new issue