Attach DNS zone in App Routing add-on AKS CLI should check if the zone is a public or private zone #7249

Open
sabbour opened this issue Feb 2, 2024 · 4 comments
Labels
AKS Auto-Assign Auto assign by bot bug This issue requires a change to an existing behavior in the product in order to be resolved. Connected Kubernetes Service Attention This issue is responsible by Azure service team.

Comments

sabbour commented Feb 2, 2024

Describe the bug

The --attach-zone parameter of the az aks approuting command doesn't assign the right permissions when doing the role assignment.

  • For public/global Azure DNS zones, that should be DNS Zone Contributor, which is what it is doing right now.
  • For private Azure DNS zones, that should be Private DNS Zone Contributor, which is now being incorrectly set to DNS Zone Contributor.

This should be fixed for both the create and update functionality.
The code in reference is here:

Related command

az aks approuting zone add

Errors

The created role assignment is incorrect, which leads External DNS on the cluster to not work properly.

Issue script & Debug output

Expected behavior

  • For public/global Azure DNS zones, that should be DNS Zone Contributor, which is what it is doing right now.
  • For private Azure DNS zones, that should be Private DNS Zone Contributor, which is now being incorrectly set to DNS Zone Contributor.

This should be fixed for both the create and update functionality.

Environment Summary

azure-cli 2.54.0 *

core 2.54.0 *
telemetry 1.1.0

Extensions:
aks-preview 1.0.0b4
alb 1.0.0
amg 1.2.9
connectedk8s 1.5.3
containerapp 0.3.43
fleet 1.0.0
interactive 0.5.3
k8s-extension 1.5.2
load 0.3.2

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location '/opt/az/bin/python3'
Extensions directory '/home/asabbour/.azure/cliextensions'

Python (Linux) 3.11.5 (main, Nov 8 2023, 05:20:54) [GCC 11.4.0]

Legal docs and information: aka.ms/AzureCliLegal

Additional context

No response

@sabbour sabbour added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Feb 2, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added AKS Service Attention This issue is responsible by Azure service team. Auto-Assign Auto assign by bot Connected Kubernetes labels Feb 2, 2024
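
The check requested in this issue, sketched as an added example that is not part of the original post and is not the azure-cli code or the eventual fix: pick the role from the resource type in the zone's ARM resource ID. The function names and the sample IDs are constructed for illustration; the role names are the ones given in the issue, and `Microsoft.Network/dnszones` and `Microsoft.Network/privateDnsZones` are the ARM resource types for public and private Azure DNS zones.

```python
import re

# Role names as stated in the issue.
PUBLIC_ROLE = "DNS Zone Contributor"
PRIVATE_ROLE = "Private DNS Zone Contributor"

# ARM resource type -> role. Keys are lower-case because resource IDs are
# compared case-insensitively.
ROLE_BY_TYPE = {
    "microsoft.network/dnszones": PUBLIC_ROLE,
    "microsoft.network/privatednszones": PRIVATE_ROLE,
}

# A zone-level resource ID: exactly one type/name pair after the provider.
_ZONE_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/(?P<ns>[^/]+)/(?P<type>[^/]+)/(?P<zone>[^/]+)/?$",
    re.IGNORECASE,
)

# Constructed sample IDs (placeholder subscription and resource group).
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns"
PUBLIC_ZONE = _SUB + "/providers/Microsoft.Network/dnszones/contoso.example"
PRIVATE_ZONE = _SUB + "/providers/Microsoft.Network/privateDnsZones/internal.example"


def role_for_zone(zone_id: str) -> str:
    """Return the role to assign on this zone, or raise ValueError."""
    match = _ZONE_ID.match(zone_id.strip())
    if match is None:
        raise ValueError(f"not a zone-level resource ID: {zone_id!r}")
    resource_type = f"{match['ns']}/{match['type']}".lower()
    if resource_type not in ROLE_BY_TYPE:
        # Fail closed instead of defaulting to the public-zone role.
        raise ValueError(f"not an Azure DNS zone: {resource_type}")
    return ROLE_BY_TYPE[resource_type]


def plan_role_assignments(zone_ids):
    """Map every zone ID to a (role, scope) pair before any assignment is made."""
    return [(role_for_zone(z), z.strip()) for z in zone_ids]


if __name__ == "__main__":
    for role, scope in plan_role_assignments([PUBLIC_ZONE, PRIVATE_ZONE]):
        print(f"{role:30} {scope}")
```

Rejecting anything that is not one of the two zone types keeps a mistyped or unrelated resource ID from silently receiving the public-zone role.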
@yonzhan
Collaborator

yonzhan commented Feb 2, 2024

Thank you for opening this issue, we will look into it.

Contributor

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @akashkeshari.

@sabbour
Author

sabbour commented Feb 2, 2024

Tagging @bosesuneha from app routing engineering.

@bosesuneha
Member

I'll create a PR for the fix.
