Multiple assigned identities issue #1077
Comments
Is the pod The client token request is forwarded as is when the client pod is excepted using the
@aramase There is no exception for that pod. Only one identity is bound to that pod.
@IvanovOleg There seems to be an exception based on the logs:
I0524 17:12:56.461578 1 server.go:362] exception pod security/security-ops-certmanager-867887fdd4-5pbs9 token handling
Could you share the output for
If there is an exception that refers to any of the pod labels, then NMI will just forward the token request without any defaulting for clientID.
@aramase Thanks for the hint. I have an exception configured for another app that shares one label with certmanager. Certmanager works after removal.
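The label-overlap case described in this thread, as an added example (not code from aad-pod-identity or from the participants): a small Go check that lists which exceptions would match a pod when a single shared label is enough. The `PodException` type, the function name and all labels and exception names are constructed for illustration, and exact comparison of label values is an assumption.

```go
package main

import (
	"fmt"
	"sort"
)

// PodException is a simplified, hypothetical stand-in for an
// AzurePodIdentityException: only its name and pod labels are modelled.
type PodException struct {
	Name      string
	PodLabels map[string]string
}

// MatchingExceptions returns the names of exceptions that share at least one
// key=value label with the pod. Per the thread, one shared label is enough for
// NMI to treat the pod as excepted and forward its token request as is.
// Assumption: label values are compared as exact strings.
func MatchingExceptions(pod map[string]string, excs []PodException) []string {
	var hits []string
	for _, e := range excs {
		for k, v := range e.PodLabels {
			if pv, ok := pod[k]; ok && pv == v {
				hits = append(hits, e.Name)
				break // one shared label already excepts the pod
			}
		}
	}
	sort.Strings(hits)
	return hits
}

// Constructed sample data, not taken from the reporter's cluster.
var certManagerPod = map[string]string{"app": "cert-manager", "aadpodidbinding": "certmanager", "team": "security-ops"}

var sampleExceptions = []PodException{
	// Intended for another app, but "team" is also set on the cert-manager pod.
	{Name: "other-app-exception", PodLabels: map[string]string{"app": "other-app", "team": "security-ops"}},
	{Name: "unrelated-exception", PodLabels: map[string]string{"app": "metrics"}},
}

func main() {
	for _, name := range MatchingExceptions(certManagerPod, sampleExceptions) {
		fmt.Printf("pod is excepted by %s\n", name)
	}
}
```

Narrowing an exception to labels that only its intended pods carry makes the match list for every other pod empty.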
Have you
Describe the bug
Hello. I am trying to make certmanager work with AzureDNS using DNS01 challenge. My AKS cluster is deployed with MSI enabled. AAD pod identity is deployed in the managed mode and forced namespaces. AzureIdentity and AzureIdentityBinding are created, certmanager pod is deployed with a correct label and in the same namespace. When I try to create a certificate, it fails with the next issue:
VMSS nodes have multiple identities assigned, but I assume that AzureIdentityBinding should make only one identity available for the pod, is that correct?
AAD Pod Identity version
helm 4.1.1 (1.8.0)
Kubernetes version
1.19.9