New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission issue using AGIC with an MSI enabled cluster #842
Comments
I have exatly the same issue. Seems to be same as #828 |
erikschlegel As @tslavik mentioned, this might be related to #820 |
@erikschlegel did the above suggestion fix the issue ? |
This link seems broken |
Describe the bug
Now that AKS MSI is GA, I'm trying to configure AGIC with an MSI enabled AKS cluster, and running into the below behavior. I'm using the AGIC chart 1.2.0-rc1.
Error
The AGIC identity resides within the AKS node resource group containing the below role permissions.
Reader scoped to AppGW resource group
Contributor scoped to App GW resource
Are there additional role assignments that I'm missing? I suspect it's related to a missing Managed Identity Operator assignment, but it's unclear which identity I'd scope that permission to for AKS MSI-enabled clusters (ie agentpool identity, app gw identity, etc)?
Ingress Controller details
kubectl describe pod <ingress controller
> .The text was updated successfully, but these errors were encountered: