Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Azure MSI issues #1502

Open
buggtb opened this issue Dec 19, 2024 · 1 comment
Open

Azure MSI issues #1502

buggtb opened this issue Dec 19, 2024 · 1 comment

Comments

@buggtb
Copy link

buggtb commented Dec 19, 2024

Using devpod 0.6.5

I see this a lot

`[23:27:30] info Workspace dev-azure-com already exists

[23:27:42] fatal prepare workspace client: resolve option AZURE_PROVIDER_TOKEN: run command: exec command: DefaultAzureCredential: failed to acquire a token.

Attempted credentials:

        EnvironmentCredential: missing environment variable AZURE_TENANT_ID

        WorkloadIdentityCredential: no client ID specified. Check pod configuration or set ClientID in the options

        ManagedIdentityCredential: Get "http://169.254.169.254/metadata/identity/oauth2/token": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network.

        AzureCLICredential: exit status 1

        AzureDeveloperCLICredential: Azure Developer CLI not found on path

: exit status 1

and variants of it using the latest Azure provider and a slightly older one, stock setup USEast2. If I keep hammering it often it comes online, but it seems super weird in terms of how its connecting. But the debug logs don't help me figure out where the issue is.

@pascalbreuninger
Copy link
Member

Heu @buggtb, to me it looks like this could be the case when you're not logged into azure through the azure CLI?
I'm not sure about your orgs settings but I usually have to reauthenticate before doing anything with it.

The debug logs you see are the azure go sdk basically trying different methods to authenticate you:

  1. From the environment
  2. WorkloadIdentity from within a kubernetes cluster
  3. ManagedIdentity is usually used when Azure creates infra for you and assigns a managed identity to that instance, i.e. the VM
  4. Azure cli: This is the local azure CLI. Based on exit status 1 it looks like this might be the culprit here. It's basically running az account get-access-token -o json --resource $YOUR_RESOURCE --subscription $YOUR_SUBSCRIPTION. It depends on your account setup what exactly needs to be filled in here but I assume running the full command might give you more insights

DevPod could still do a better job of exposing these issues though

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants