CAPZ with ASO doesn't work for AzureUSGovernment #4113
Comments
/triage accepted
/assign @mboersma
It appears ASO can only configure the ARM endpoint globally for all resources it manages. I've opened an issue here to make that capability accessible at the per-resource level to match CAPZ's capabilities from before: Azure/azure-service-operator#3447. If your management cluster is only managing workload clusters for one cloud, you could possibly modify the ASO deployment manually to configure it as you need as a stopgap.
Hi @nojnhuh, I was looking into how we could globally set the ARM endpoint URL for the ASO controller but I can't find a way. CAPZ is always setting the resource scoped secret https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/main/controllers/asosecret_controller.go#L235
ASO is not merging the resource and the global secret, but stops after
Because of this, even if we do manually set the global or namespaced settings for the ASO controller, they will be ignored (unless I missed something) :(
Even if changing it in aso-controller-settings doesn't work, I suppose it would be possible to edit the ASO deployment and hardcode the value there or refer to a different secret instead of deriving it from the global ASO secret.
@ionutleca Did that workaround work for you? I'll reopen this to keep tracking making this more automatic.
Yes, I managed to make it work with the right values set in
Just opened this PR to at least allow setting these fields with environment variables when CAPZ is installed. Hopefully that's at least a step in the right direction: #4390
There's still more to iron out here re: CAPZ configuring the environment per-workload cluster and ASO only configuring it globally for all resources it manages, but I don't think I'll be able to follow up with that during this milestone. /unassign
Blocked until Azure/azure-service-operator#3447
/kind bug
What steps did you take and what happened:
The AzureManagedControlPlane supports the following parameter:
The createSecretFromClusterIdentity function doesn't set azureResourceManagerEndpoint and any other cloud specific variables.
The ASO controller fails with:
The subscription '***' could not be found.: PUT https://management.azure.com/subscriptions/***/resourceGroups/***
What did you expect to happen:
CAPZ to also add to the *-aso-secret the values specific to what spec.azureEnvironment on the AzureManagedControlPlane resource points to.
Anything else you would like to add:
Environment:
Kubernetes version (use kubectl version): v1.27.3
OS (e.g. from /etc/os-release): AKSUbuntu-2004gen2fipscontainerd-202309.06.0