Description
What happened:
I set up external-dns according to the docs. I created an identity in Azure, gave it the "DNS Zone Contributor" role, generated the federated credentials and set up external-dns via helm with the following setup (after testing different combinations):
```yaml
provider: azure
serviceAccount:
  annotations:
    azure.workload.identity/client-id: "{{ azure_client_id }}"
  labels:
    azure.workload.identity/use: "true"
azure:
  tenantId: "{{ azure_tenant_id }}"
  subscriptionId: "{{ azure_subscription_id }}"
  resourceGroup: "{{ external_dns_resource_group }}"
  useWorkloadIdentityExtension: true
commonLabels:
  azure.workload.identity/use: "true"
podLabels:
  azure.workload.identity/use: "true"
podAnnotations:
  azure.workload.identity/client-id: "{{ azure_client_id }}"
  azure.workload.identity/tenant-id: "{{ azure_tenant_id }}"
logLevel: "debug"
domainFilters:
  - {{ external_dns_zone }}
```
Yet I'm stuck with an error when the pod is starting:
```
time="2025-03-19T21:57:33Z" level=fatal msg="failed to get credentials: failed to create a workload identity token: no client ID specified. Check pod configuration or set ClientID in the options"
```
What am I doing wrong?
What you expected to happen:
That external-dns starts properly and is connected to Azure via Workload Identity...
How to reproduce it (as minimally and precisely as possible):
Microk8s with external-dns.
Anything else we need to know?:
Environment:
Microk8s.
Azure.
External-dns deployed via helm
```
external-dns external-dns 7 2025-03-19 22:54:48.729186515 +0100 CET deployed external-dns-8.7.7 0.15.1
```
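Added diagnostic for this report; it is not part of the issue above and not external-dns code. The fatal message quoted in the report is what the Azure SDK's `WorkloadIdentityCredential` (azidentity) returns when it is given no `ClientID` option and the `AZURE_CLIENT_ID` environment variable is absent. On AKS that variable is not set by the Helm chart but injected at admission time by the azure-workload-identity mutating webhook, which reacts to the `azure.workload.identity/use=true` pod label and adds `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_FEDERATED_TOKEN_FILE`, `AZURE_AUTHORITY_HOST` and a projected service-account token with audience `api://AzureADTokenExchange`. The script below takes a pod object as dumped by `kubectl get pod <pod> -o json` and lists which of those injected pieces are missing, so you can tell a chart-values problem from a missing webhook. The two embedded pods are constructed samples (the client and tenant IDs are placeholders); the script does not check whether the webhook itself is installed on the cluster.

```python
"""Check whether a pod carries the Azure Workload Identity injection that the
external-dns Azure provider relies on when useWorkloadIdentityExtension is true.

Added example for this issue; not code from external-dns or from the reporter.
Usage: python check_wi.py <(kubectl get pod <external-dns-pod> -o json)
"""
import json
import sys
from typing import List

# Injected by the azure-workload-identity mutating webhook into pods labelled
# azure.workload.identity/use=true. azidentity's WorkloadIdentityCredential
# falls back to AZURE_CLIENT_ID when no ClientID option is passed, so a pod
# without it fails with "no client ID specified".
REQUIRED_ENV = (
    "AZURE_CLIENT_ID",
    "AZURE_TENANT_ID",
    "AZURE_FEDERATED_TOKEN_FILE",
    "AZURE_AUTHORITY_HOST",
)
TOKEN_AUDIENCE = "api://AzureADTokenExchange"
USE_LABEL = "azure.workload.identity/use"


def check_workload_identity(pod: dict) -> List[str]:
    """Return human-readable findings; an empty list means the pod was mutated."""
    findings = []
    meta = pod.get("metadata", {})
    spec = pod.get("spec", {})

    # Without this label the webhook never touches the pod.
    if meta.get("labels", {}).get(USE_LABEL) != "true":
        findings.append(f"pod label {USE_LABEL}=true is missing; the webhook ignores the pod")

    # The webhook adds the four variables to every container.
    for container in spec.get("containers", []):
        env = {e.get("name"): e.get("value") for e in container.get("env", [])}
        for name in REQUIRED_ENV:
            if not env.get(name):
                findings.append(f"container {container.get('name')}: env {name} not injected")

    # The webhook also mounts a projected SA token for the token-exchange audience.
    has_token = any(
        src.get("serviceAccountToken", {}).get("audience") == TOKEN_AUDIENCE
        for vol in spec.get("volumes", [])
        for src in vol.get("projected", {}).get("sources", [])
    )
    if not has_token:
        findings.append(f"no projected service-account token with audience {TOKEN_AUDIENCE}")
    return findings


# Constructed sample: what the chart values in the report produce on a cluster
# where no azure-workload-identity webhook is running (label present, nothing injected).
UNMUTATED_POD = {
    "metadata": {
        "name": "external-dns-0",
        "labels": {USE_LABEL: "true"},
        "annotations": {"azure.workload.identity/client-id": "00000000-0000-0000-0000-000000000000"},
    },
    "spec": {
        "containers": [{"name": "external-dns", "args": ["--provider=azure"]}],
        "volumes": [{"name": "kube-api-access-abcde", "projected": {"sources": [
            {"serviceAccountToken": {"path": "token", "expirationSeconds": 3607}}]}}],
    },
}

# Constructed sample: the same pod after the webhook has mutated it. IDs are placeholders.
MUTATED_POD = json.loads(json.dumps(UNMUTATED_POD))
MUTATED_POD["spec"]["containers"][0]["env"] = [
    {"name": "AZURE_CLIENT_ID", "value": "00000000-0000-0000-0000-000000000000"},
    {"name": "AZURE_TENANT_ID", "value": "11111111-1111-1111-1111-111111111111"},
    {"name": "AZURE_FEDERATED_TOKEN_FILE", "value": "/var/run/secrets/azure/tokens/azure-identity-token"},
    {"name": "AZURE_AUTHORITY_HOST", "value": "https://login.microsoftonline.com/"},
]
MUTATED_POD["spec"]["volumes"].append({"name": "azure-identity-token", "projected": {"sources": [
    {"serviceAccountToken": {"path": "azure-identity-token", "audience": TOKEN_AUDIENCE,
                             "expirationSeconds": 3600}}]}})


if __name__ == "__main__":
    # Read a real pod from a file argument, otherwise demonstrate on the unmutated sample.
    pod = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else UNMUTATED_POD
    problems = check_workload_identity(pod)
    print("workload identity injection looks complete" if not problems else "\n".join(problems))
```

If every `AZURE_*` variable and the `azure-identity-token` volume are reported missing while the `use` label is present, the chart values are not the problem: nothing on the cluster is mutating the pod. If only `AZURE_CLIENT_ID` is missing, the webhook ran but found no `azure.workload.identity/client-id` annotation on the ServiceAccount it resolved.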