stackoom
  简体   繁体   中英

Workload identity with application on Kubernetes service:kubernetes

 原文  2022-12-08 08:50:56       azure/ kubernetes/ kubectl/ azure-aks

Question

I am trying to deploy and manage the Kube.netes cluster using OpenID Connect issuer, I have followed this Microsoft Document to deploy the application on AKS for that I have created the resource group and install the AKS preview extension

`az group create --name myResourceGroup --location eastus
az extension add --name aks-preview
az extension update --name aks-preview

#register the enabled workload identity
az feature register --namespace "Microsoft.ContainerService" --name "EnableWorkloadIdentityPreview"az feature show --namespace "Microsoft.ContainerService" --name "EnableWorkloadIdentityPreview"
az provider register --namespace Microsoft.ContainerService`

After that when I am trying to create the Kube.netes cluster with --enable-oidc-isser I am getting below error, it is taking more than 10 minutes and showing some error

(OIDCIssuerUnsupportedk8sVersion) OIDC issuer feature requires at least Kube.netes version 1.20.0. Code: OIDCIssuerUnsupportedK8sVersion Message: OIDC issuer feature requires at least Kube.netes version 1.20.0

I have upgraded to the latest version but still getting same error. How can I export OIDC Issuer to set the Environment variables on the cluster. Thanks in Advance:)

1 answers

solution1
 0 ACCPTED  2022-12-08 11:31:38

I tried to reproduce the same issue in my environment and got the below results

My current version is 1.23.12

在此处输入图像描述

I have created the resource group and install the extension preview and registered the EnabledworkloadidentityPreview using below command

az feature register --namespace "Microsoft.ContainerService" --name "EnableWorkloadIdentityPreview"

在此处输入图像描述

To verify the status used the below command

az feature show --namespace "Microsoft.ContainerService" --name "EnableWorkloadIdentityPreview"

I have created the AKS cluster with --enable-oidc-issuer parameter to use the OIDC issuer using below command

az aks create -g rg -n cluster --node-count 1 --enable-oidc-issuer --enable-workload-identity --generate-ssh-keys

When I check in my environment and got the same error

在此处输入图像描述

To resolve this issue I have upgraded my AKS version using below commands

My current version is 1.23.12

在此处输入图像描述

I have upgraded the to newest version using this SO answer

在此处输入图像描述

My current version is 1.24.3 and when I the below OIDC command I am able access

az aks create -g <rg-name> -n cluster --node-count 1 --enable-oidc-issuer --enable-workload-identity --generate-ssh-keys

在此处输入图像描述

NOTE: This error will occur if the version is more than 1.20.0 we have to upgrade the version to latest version not to current version then only it will work

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure kubernetes - multiple managed identity? Istio on Azure Kubernetes Service? Feedback on azure kubernetes service Unable to open the kubernetes dashboard in Azure Kubernetes Service Kubernetes on Azure Container Service Access Log generation of deployed web application on Azure Kubernetes Service (AKS) how to get object id and application id of kubernetes service principal azure Application logging in Azure Kubernetes https kubernetes deployed application azure sdk java + Azure Kubernetes Cluster + Spring Boot application + System Assigned Managed Identity
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM