Use of Azure IPAM in non-default Azure clouds #16003
Labels:
integration/cloud: Related to integration with cloud environments such as AKS, EKS, GKE, etc.
kind/bug: This is a bug in the Cilium logic.
kind/community-report: This was reported by a user in the Cilium community, e.g. via Slack.
General Information
I attempted to deploy Cilium with Azure IPAM onto an AKS cluster in the AzureChinaCloud, which differs from the public Azure cloud in some details.
Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-national-cloud
Ref: https://docs.microsoft.com/en-us/azure/china/resources-developer-guide

When using Azure CNI and Cilium in chaining mode, these differences do not matter, but with Cilium Azure IPAM, they do.

When preparing, I found that the Cilium Helm chart does not allow passing azure.cloudName yet, even though this is a valid flag for the operator already.

In the operator itself, the cloudName is used to configure the Azure client authorizer to acquire tokens from the correct AAD.

However, when creating the resource clients themselves, NewSomethingClient(subscriptionId) is called, which defaults to the public Azure endpoints. Using NewSomethingClientWithBaseURI(baseURI, subscriptionId) should also allow calls to other Azure clouds. The respective endpoints can be loaded from here.

If you want, I could take a look into generalizing the code.
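The mismatch described in the report, as an added sketch that is neither Cilium's operator code nor the Azure SDK: a client built without a base URI always targets the public Resource Manager host, whatever cloud the tokens were acquired for. The types and functions (environment, resourceClient, newClient, newClientWithBaseURI, checkClient) are hypothetical stand-ins, and the two endpoint pairs are assumed from Azure's published values for these clouds.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// environment pairs the AAD and Resource Manager endpoints of one Azure cloud.
type environment struct{ Name, ActiveDirectoryEndpoint, ResourceManagerEndpoint string }
// Two clouds only; endpoint values are assumed from Azure's published lists.
var environments = map[string]environment{
	"AZUREPUBLICCLOUD": {"AzurePublicCloud", "https://login.microsoftonline.com/", "https://management.azure.com/"},
	"AZURECHINACLOUD":  {"AzureChinaCloud", "https://login.chinacloudapi.cn/", "https://management.chinacloudapi.cn/"},
}

// resourceClient is a hypothetical stand-in for a generated resource client.
type resourceClient struct{ BaseURI, SubscriptionID string }
// newClient mirrors NewSomethingClient: the base URI is always the public cloud's.
func newClient(sub string) resourceClient {
	return newClientWithBaseURI(environments["AZUREPUBLICCLOUD"].ResourceManagerEndpoint, sub)
}

// newClientWithBaseURI mirrors NewSomethingClientWithBaseURI.
func newClientWithBaseURI(baseURI, sub string) resourceClient {
	return resourceClient{BaseURI: baseURI, SubscriptionID: sub}
}

// checkClient fails when the client's host is not the Resource Manager host of cloudName.
func checkClient(c resourceClient, cloudName string) error {
	env, ok := environments[strings.ToUpper(cloudName)]
	if !ok {
		return fmt.Errorf("unknown cloud name %q", cloudName)
	}
	got, err := url.Parse(c.BaseURI)
	if err != nil || got.Host == "" {
		return fmt.Errorf("invalid base URI %q", c.BaseURI)
	}
	want, _ := url.Parse(env.ResourceManagerEndpoint)
	if !strings.EqualFold(got.Host, want.Host) {
		return fmt.Errorf("client targets %s, but %s (AAD %s) uses %s", got.Host, env.Name, env.ActiveDirectoryEndpoint, want.Host)
	}
	return nil
}

func main() {
	fmt.Println(checkClient(newClient("sub-id"), "AzureChinaCloud"))
	fmt.Println(checkClient(newClientWithBaseURI("https://management.chinacloudapi.cn/", "sub-id"), "AzureChinaCloud"))
}
```

A check of this kind at operator startup turns a cloud mismatch into an explicit configuration error.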