Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
402 questions
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I'm seeing the Arc Agent kube-aad-proxy Pod failing with x509: certificate signed by unknown authority
It's using container version: mcr.microsoft.com/azurearck8s/kube-aad-proxy:1.18.3
From the Kubernetes Node itself I have no problem curling the endpoint
curl -v https://sts.windows.net/<myTenantId>/.well-known/openid-configuration
Full log
time="2024-09-02T12:05:29Z" level=fatal msg="Failed to create authenticator. Error:Get \"https://sts.windows.net/<myTenantId>/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority
failed to create provider for azure
github.com/azure-core/ClusterConfigurationAgent/kube-aad-proxy/pkg/auth.NewAADAuthenticator
\t/usr/local/ClusterConfigurationAgent/kube-aad-proxy/pkg/auth/aadAuthenticator.go:89
github.com/azure-core/ClusterConfigurationAgent/kube-aad-proxy/pkg/server.(*Server).ListenAndServe
\t/usr/local/ClusterConfigurationAgent/kube-aad-proxy/pkg/server/server.go:137
github.com/azure-core/ClusterConfigurationAgent/kube-aad-proxy/cmd.NewRunCmd.func1
\t/usr/local/ClusterConfigurationAgent/kube-aad-proxy/cmd/run.go:33
github.com/spf13/cobra.(*Command).execute
\t/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:987
github.com/spf13/cobra.(*Command).ExecuteC
\t/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115
github.com/spf13/cobra.(*Command).Execute
\t/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039
main.main\n\t/usr/local/ClusterConfigurationAgent/kube-aad-proxy/main.go:32
runtime.main
\t/usr/local/go/src/runtime/proc.go:271\nruntime.goexit
\t/usr/local/go/src/runtime/asm_amd64.s:1695"