Kubelogin doesn't work correctly with MSI in Container Instances #30
Comments
Chatted offline. Your token coming from the IMDS endpoint in Container Instance somehow has
@weinong was this issue ever resolved? We are running into the exact same problem... What I noticed is that when the container runs under root (which also happens randomly but is probably an issue of our CI) the
@yvespp what issue are you seeing? Token from IMDS should not have
I'm doing this inside an ACI container (from our CI/CD):
The token looks like this:
If I try to use the token it returns this:
But when the ACI container runs as root (which sometimes randomly happens), the
The AKS cluster uses the newer AKS-managed AAD integration.
While I'm following up with ACI internal team, can you also open a support request so that we can gather more detail? Please send me the SR# via aks-help at service.microsoft.com with reference to this issue.
We want to run Kubernetes deployments from Container Instances with attached managed identities, but are hitting an issue with MSI authentication. We are running `kubelogin` in the Managed Service Identity (non-interactive) setup, but after the call to `kubelogin convert-kubeconfig -l msi`, any `kubectl` command returns the error:

When running the same script from a VM using the same managed identity, the kubectl commands succeed after running `kubelogin`. This leads us to believe that our cluster/managed identity setup is correct, but that the issue lies with managed identities in container instances.
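One way to compare the claims of the managed identity token obtained on the VM with the one obtained in the container instance, as an added example that is not part of the original issue or of kubelogin. The tokens, claim names and values below are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import json

VOLATILE = {"iat", "nbf", "exp"}  # timestamps differ on every token request


def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diff_claims(working, failing, ignore=VOLATILE):
    """Map claim name -> (working value, failing value) where the two tokens disagree."""
    names = (set(working) | set(failing)) - set(ignore)
    return {
        n: (working.get(n), failing.get(n))  # None means the claim is absent on that side
        for n in sorted(names)
        if working.get(n) != failing.get(n)
    }


def _sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed-signature"])


# Constructed sample claims; the values are placeholders, not taken from the issue.
VM_TOKEN = _sample_token({"aud": "example-audience",
                          "oid": "00000000-0000-0000-0000-000000000001",
                          "exp": 1700003600})
ACI_TOKEN = _sample_token({"aud": "example-audience",
                           "oid": "00000000-0000-0000-0000-000000000001",
                           "exp": 1700007200,
                           "example_extra": "placeholder"})

if __name__ == "__main__":
    # Share only the claim differences when reporting; the raw token is a bearer credential.
    result = diff_claims(decode_claims(VM_TOKEN), decode_claims(ACI_TOKEN))
    for name, (vm, aci) in result.items():
        print(f"{name}: vm={vm!r} aci={aci!r}")
```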