CAPZ isn't compatible within a vcluster, with workload identity enabled on AKS. #4681
Labels
area/managedclusters: Issues related to managed AKS clusters created through the CAPZ ManagedCluster Type
kind/bug: Categorizes issue or PR as related to a bug.
priority/backlog: Higher priority than priority/awaiting-more-evidence.
/kind bug
What steps did you take and what happened:
Installed capz onto vcluster
we see a clash in the volumes section the pod section for pod created on host cluster, what vcluster will create it the following
Pod creation on the host cluster fails because of
If we use --sync-label for vcluster to sync the label azure.workload.identity/use the workload identity webhook will try to add it, as the volumes section https://github.com/Azure/azure-workload-identity/blame/main/pkg/webhook/webhook.go#L401 are not the same, and the webhook tries to create it again.
What did you expect to happen:
CAPZ pod doesn't come up
Anything else you would like to add:
Environment:
kubectl version: 1.28
/etc/os-release: