could not authenticate on the AzureChinaCloud environment #5785

@ZakariaSabour

/kind bug

What steps did you take and what happened:
Hello,
We are bumping cluster-api-provider-azure from the 1.17.4 to the 1.19.4 version due to a k8s version upgrade.
We are no longer able to connect to the AzureChinaCloud environment.
We have the following error message from the capz-controller-manager:

E0724 13:04:46.102262       1 controller.go:316] "Reconciler error" err=<
        failed to reconcile cluster services: failed to get availability zones: failed to get zones for location chinaeast2: failed to refresh resource sku cache: could not iterate resource skus: ClientSecretCredential: unable to resolve an endpoint: server response error:
         EOF

What did you expect to happen:
We expect that the capz controller can authenticate to the AzureChinaCloud environment and work correctly.

Anything else you would like to add:
We have done some troubleshooting on our side, and it seems that the version of microsoft-authentication-library-for-go has been bumped to v1.2.3+ starting from the v1.18.0 capz version.

The AzureAD trusted hosts list defined in this library has been updated to no longer trust the login.chinacloudapi.cn endpoint but rather the login.partner.microsoftonline.cn endpoint. We have an issue on the library repo to support both; you can check it here for more details.

We have the same issue on the cloud provider azure here.

Is there any workaround to fix this until we have a fix in the AzureAD/microsoft-authentication-library-for-go library?

Environment:

  • cluster-api-provider-azure version: 1.18.0+
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):
