Bug 1779666 - Can't create Azure worker nodes without managed identity (4.4)
Summary: Can't create Azure worker nodes without managed identity (4.4)
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.4.0
Assignee: Alberto
QA Contact: Jianwei Hou
Depends On:
Blocks: 1779665
Reported: 2019-12-04 13:28 UTC by Jim Minter
Modified: 2020-05-15 15:52 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-05-15 15:52:11 UTC
Target Upstream Version:

System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift cluster-api-provider-azure pull 95 | 0 | 'None' | closed | Bug 1779666: Can't create Azure worker nodes without managed identity (4.4) | 2020-05-25 16:57:49 UTC

Description Jim Minter 2019-12-04 13:28:47 UTC
Currently the Azure actuator validates to ensure that user managed identity is enabled for all VMs it creates.

Azure Red Hat OpenShift needs to be able to create 4.4 clusters without user managed identity as part of required security architecture modifications for the service.

Comment 2 Jianwei Hou 2019-12-20 06:42:30 UTC
Verified in 4.4.0-0.nightly-2019-12-19-223334

The IPI installer creates the machineSet with managedIdentity on Azure. To verify this, I removed the managedIdentity from a machineSet providerSpec, then scaled it up. Machine and VM are provisioned successfully.